Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information:
dependency-check version : 3.0.2
Report Generated On : nov. 16, 2017 at 11:18:37 +01:00
Dependencies Scanned : 444 (444 unique)
Vulnerable Dependencies : 119
Vulnerabilities Found : 422
Vulnerabilities Suppressed : 0
...
NVD CVE 2002 : 09/11/2017 09:45:42
NVD CVE 2003 : 09/11/2017 09:43:38
NVD CVE 2004 : 09/11/2017 09:43:05
NVD CVE 2005 : 09/11/2017 09:42:02
NVD CVE 2006 : 09/11/2017 09:40:15
NVD CVE 2007 : 16/11/2017 10:30:23
NVD CVE 2008 : 09/11/2017 09:34:54
NVD CVE 2009 : 09/11/2017 09:32:06
NVD CVE 2010 : 15/11/2017 09:22:41
NVD CVE 2011 : 14/11/2017 09:21:13
NVD CVE 2012 : 16/11/2017 10:30:24
NVD CVE 2013 : 16/11/2017 10:30:23
NVD CVE 2014 : 16/11/2017 10:30:24
NVD CVE 2015 : 16/11/2017 10:30:23
NVD CVE 2016 : 16/11/2017 10:30:23
NVD CVE 2017 : 16/11/2017 10:30:22
NVD CVE Checked : 16/11/2017 11:17:45
NVD CVE Modified : 16/11/2017 07:02:06
VersionCheckOn : 1510827465359
Display: Showing Vulnerable Dependencies
Dependencies
xercesImpl-2.9.1.jar
Description:
Xerces2 is the next generation of high performance, fully compliant XML parsers in the
Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI),
a complete framework for building parser components and configurations that is extremely
modular and easy to program.
File Path: Z:\Gradle\caches\modules-2\files-2.1\apache-xerces\xercesImpl\2.9.1\7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6\xercesImpl-2.9.1.jar
MD5: f807f86d7d9db25edbfc782aca7ca2a9
SHA1: 7bc7e49ddfe4fb5f193ed37ecc96c12292c8ceb6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium
Vendor jar package name apache Low
Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom parent-groupid org.apache Medium
Vendor pom description Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program. Low
Vendor pom parent-artifactid apache Low
Vendor central groupid xerces Highest
Vendor file name xercesImpl High
Vendor pom url http://xerces.apache.org/xerces2-j Highest
Vendor pom artifactid xercesImpl Low
Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: org/apache/xerces/impl/Version.class Implementation-Vendor Apache Software Foundation Medium
Vendor pom name Xerces2 Java Parser High
Vendor manifest: org/apache/xerces/xni/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium
Vendor gradle groupid apache-xerces Highest
Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium
Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium
Vendor jar package name xerces Low
Vendor pom groupid xerces Highest
Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium
Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium
Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing Medium
Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model, Level 3 Load and Save Medium
Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium
Product manifest: org/apache/xerces/impl/Version.class Implementation-Title org.apache.xerces.impl.Version Medium
Product file name xercesImpl High
Product manifest: org/apache/xerces/xni/ Implementation-Title org.apache.xerces.xni Medium
Product manifest: org/w3c/dom/ Specification-Title Document Object Model, Level 3 Core Medium
Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium
Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing Medium
Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium
Product pom url http://xerces.apache.org/xerces2-j Medium
Product pom parent-groupid org.apache Low
Product jar package name xerces Low
Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing Medium
Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium
Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing Medium
Product pom groupid xerces Low
Product pom description Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program. Low
Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium
Product gradle artifactid xercesImpl Highest
Product pom parent-artifactid apache Medium
Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium
Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium
Product manifest: org/apache/xerces/xni/ Specification-Title Xerces Native Interface Medium
Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing Medium
Product pom name Xerces2 Java Parser High
Product pom artifactid xercesImpl Highest
Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium
Product central artifactid xercesImpl Highest
Version pom version 2.9.1 Highest
Version central version 2.9.1 Highest
Version file version 2.9.1 Highest
core-3.3.0.jar
Description: Core barcode encoding/decoding library
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.zxing\core\3.3.0\73c49077166faa4c3c0059c5f583d1d7bd1475fe\core-3.3.0.jar
MD5: 9da5048b160deec8f955a67fa4e76ddb
SHA1: 73c49077166faa4c3c0059c5f583d1d7bd1475fe
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description Core barcode encoding/decoding library Medium
Vendor pom name ZXing Core High
Vendor central groupid com.google.zxing Highest
Vendor pom parent-groupid com.google.zxing Medium
Vendor pom groupid google.zxing Highest
Vendor jar package name zxing Low
Vendor jar package name google Low
Vendor gradle groupid com.google.zxing Highest
Vendor pom artifactid core Low
Vendor pom parent-artifactid zxing-parent Low
Vendor file name core High
Product pom description Core barcode encoding/decoding library Medium
Product pom name ZXing Core High
Product pom parent-groupid com.google.zxing Low
Product pom parent-artifactid zxing-parent Medium
Product central artifactid core Highest
Product gradle artifactid core Highest
Product jar package name zxing Low
Product pom groupid google.zxing Low
Product file name core High
Product pom artifactid core Highest
Version central version 3.3.0 Highest
Version file version 3.3.0 Highest
Version pom version 3.3.0 Highest
concurrentlinkedhashmap-lru-1.4.2.jar
Description:
A high performance version of java.util.LinkedHashMap for use as a software cache.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.concurrentlinkedhashmap\concurrentlinkedhashmap-lru\1.4.2\2eaf3d3c9746d526ff7e5b93931d482c3887e6ac\concurrentlinkedhashmap-lru-1.4.2.jar
MD5: 5edf6ccb727854204b7cc3405fbc5f01
SHA1: 2eaf3d3c9746d526ff7e5b93931d482c3887e6ac
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid com.googlecode.concurrentlinkedhashmap Highest
Vendor pom groupid googlecode.concurrentlinkedhashmap Highest
Vendor pom name ConcurrentLinkedHashMap High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor file name concurrentlinkedhashmap-lru High
Vendor manifest Bundle-Description A high performance version of java.util.LinkedHashMap for use as a software cache. Medium
Vendor gradle groupid com.googlecode.concurrentlinkedhashmap Highest
Vendor pom url http://code.google.com/p/concurrentlinkedhashmap Highest
Vendor Manifest bundle-symbolicname com.googlecode.concurrentlinkedhashmap.lru Medium
Vendor pom artifactid concurrentlinkedhashmap-lru Low
Vendor pom description A high performance version of java.util.LinkedHashMap for use as a software cache. Medium
Product pom name ConcurrentLinkedHashMap High
Product pom groupid googlecode.concurrentlinkedhashmap Low
Product gradle artifactid concurrentlinkedhashmap-lru Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product file name concurrentlinkedhashmap-lru High
Product pom url http://code.google.com/p/concurrentlinkedhashmap Medium
Product Manifest Bundle-Name ConcurrentLinkedHashMap Medium
Product pom artifactid concurrentlinkedhashmap-lru Highest
Product manifest Bundle-Description A high performance version of java.util.LinkedHashMap for use as a software cache. Medium
Product central artifactid concurrentlinkedhashmap-lru Highest
Product Manifest bundle-symbolicname com.googlecode.concurrentlinkedhashmap.lru Medium
Product pom description A high performance version of java.util.LinkedHashMap for use as a software cache. Medium
Version central version 1.4.2 Highest
Version file version 1.4.2 Highest
Version pom version 1.4.2 Highest
ez-vcard-0.9.10.jar
Description: A library that reads and writes vCards, supporting all versions of the vCard standard (2.1, 3.0, and 4.0) as well as xCard (XML-encoded vCards), hCard (HTML-encoded vCards), and jCard (JSON-encoded vCards).
License:
FreeBSD License: http://opensource.org/licenses/bsd-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.ez-vcard\ez-vcard\0.9.10\1997520f849718ec99a92aa67c17e408e5cca32a\ez-vcard-0.9.10.jar
MD5: 0a1ca155833e526131774263e949b13b
SHA1: 1997520f849718ec99a92aa67c17e408e5cca32a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name ez-vcard High
Vendor pom organization name Michael Angstadt High
Vendor Manifest bundle-symbolicname com.googlecode.ez-vcard Medium
Vendor pom artifactid ez-vcard Low
Vendor pom groupid googlecode.ez-vcard Highest
Vendor pom name ez-vcard High
Vendor gradle groupid com.googlecode.ez-vcard Highest
Vendor pom url http://github.com/mangstadt/ez-vcard Highest
Vendor central groupid com.googlecode.ez-vcard Highest
Vendor manifest Bundle-Description A library that reads and writes vCards, supporting all versions of the vCard standard (2.1, 3.0, and 4.0) as well as xCard (XML-encoded vCards), hCard (HTML-encoded vCards), and jCard (JSON-encoded vCards). Low
Vendor pom description A library that reads and writes vCards, supporting all versions of the vCard standard (2.1, 3.0, and 4.0) as well as xCard (XML-encoded vCards), hCard (HTML-encoded vCards), and jCard (JSON-encoded vCards). Low
Product Manifest Bundle-Name ez-vcard Medium
Product pom url http://github.com/mangstadt/ez-vcard Medium
Product Manifest bundle-symbolicname com.googlecode.ez-vcard Medium
Product central artifactid ez-vcard Highest
Product pom name ez-vcard High
Product gradle artifactid ez-vcard Highest
Product pom description A library that reads and writes vCards, supporting all versions of the vCard standard (2.1, 3.0, and 4.0) as well as xCard (XML-encoded vCards), hCard (HTML-encoded vCards), and jCard (JSON-encoded vCards). Low
Product pom groupid googlecode.ez-vcard Low
Product file name ez-vcard High
Product pom artifactid ez-vcard Highest
Product pom organization name Michael Angstadt Low
Product manifest Bundle-Description A library that reads and writes vCards, supporting all versions of the vCard standard (2.1, 3.0, and 4.0) as well as xCard (XML-encoded vCards), hCard (HTML-encoded vCards), and jCard (JSON-encoded vCards). Low
Version file version 0.9.10 Highest
Version pom version 0.9.10 Highest
Version central version 0.9.10 Highest
owasp-java-html-sanitizer-20170515.1.jar
Description:
Takes third-party HTML and produces HTML that is safe to embed in
your web application.
Fast and easy to configure.
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.owasp-java-html-sanitizer\owasp-java-html-sanitizer\20170515.1\2ac64ee731e71b8ce411b7ff306c35eae672f6dd\owasp-java-html-sanitizer-20170515.1.jar
MD5: 3207f1e4ce09d37ab4006f0906c5bf29
SHA1: 2ac64ee731e71b8ce411b7ff306c35eae672f6dd
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid com.googlecode.owasp-java-html-sanitizer Medium
Vendor pom artifactid owasp-java-html-sanitizer Low
Vendor pom name OWASP Java HTML Sanitizer High
Vendor jar package name html Low
Vendor pom parent-artifactid parent Low
Vendor gradle groupid com.googlecode.owasp-java-html-sanitizer Highest
Vendor pom description Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure. Low
Vendor file name owasp-java-html-sanitizer High
Vendor central groupid com.googlecode.owasp-java-html-sanitizer Highest
Vendor pom groupid googlecode.owasp-java-html-sanitizer Highest
Vendor jar package name owasp Low
Product pom artifactid owasp-java-html-sanitizer Highest
Product pom parent-artifactid parent Medium
Product pom groupid googlecode.owasp-java-html-sanitizer Low
Product pom name OWASP Java HTML Sanitizer High
Product jar package name html Low
Product pom parent-groupid com.googlecode.owasp-java-html-sanitizer Low
Product central artifactid owasp-java-html-sanitizer Highest
Product pom description Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure. Low
Product file name owasp-java-html-sanitizer High
Product gradle artifactid owasp-java-html-sanitizer Highest
Version pom version 20170515.1 Highest
Version central version 20170515.1 Highest
Version file version 20170515.1 Highest
libphonenumber-8.8.3.jar
Description: Google's common Java library for parsing, formatting, storing and validating international phone numbers. Optimized for running on smartphones.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.libphonenumber\libphonenumber\8.8.3\2d492c1e27cde609383f2cd2ed85872275b9c9fa\libphonenumber-8.8.3.jar
MD5: 1b2611816d9ba0061aefcebbe26b3610
SHA1: 2d492c1e27cde609383f2cd2ed85872275b9c9fa
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name libphonenumber High
Vendor pom groupid googlecode.libphonenumber Highest
Vendor pom parent-groupid com.googlecode.libphonenumber Medium
Vendor pom parent-artifactid libphonenumber-parent Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor Manifest bundle-symbolicname com.googlecode.libphonenumber Medium
Vendor pom artifactid libphonenumber Low
Vendor Manifest bundle-docurl http://www.google.com/ Low
Vendor central groupid com.googlecode.libphonenumber Highest
Vendor manifest Bundle-Description Google's common Java library for parsing, formatting, storing and validating international phone numbers. Optimized for running on smartphones. Low
Vendor gradle groupid com.googlecode.libphonenumber Highest
Vendor pom url googlei18n/libphonenumber/ Highest
Product pom parent-artifactid libphonenumber-parent Medium
Product file name libphonenumber High
Product gradle artifactid libphonenumber Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product Manifest bundle-symbolicname com.googlecode.libphonenumber Medium
Product Manifest bundle-docurl http://www.google.com/ Low
Product pom url googlei18n/libphonenumber/ High
Product pom groupid googlecode.libphonenumber Low
Product pom artifactid libphonenumber Highest
Product manifest Bundle-Description Google's common Java library for parsing, formatting, storing and validating international phone numbers. Optimized for running on smartphones. Low
Product pom parent-groupid com.googlecode.libphonenumber Low
Product central artifactid libphonenumber Highest
Product Manifest Bundle-Name libphonenumber Medium
Version file version 8.8.3 Highest
Version central version 8.8.3 Highest
Version pom version 8.8.3 Highest
icu4j-59.1.jar
Description:
International Component for Unicode for Java (ICU4J) is a mature, widely used Java library
providing Unicode and Globalization support
License:
Unicode/ICU License: http://source.icu-project.org/repos/icu/trunk/icu4j/main/shared/licenses/LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.ibm.icu\icu4j\59.1\6f06e820cf4c8968bbbaae66ae0b33f6a256b57f\icu4j-59.1.jar
MD5: 60997176cc2577bda51a4cb2b77bdbe2
SHA1: 6f06e820cf4c8968bbbaae66ae0b33f6a256b57f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name ICU4J High
Vendor file name icu4j High
Vendor jar package name ibm Low
Vendor Manifest Implementation-Vendor Unicode, Inc. High
Vendor manifest Bundle-Description International Components for Unicode for Java Medium
Vendor jar package name icu Low
Vendor pom url http://icu-project.org/ Highest
Vendor gradle groupid com.ibm.icu Highest
Vendor Manifest Implementation-Vendor-Id org.unicode Medium
Vendor Manifest bundle-copyright © 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html#License Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor pom groupid ibm.icu Highest
Vendor pom artifactid icu4j Low
Vendor pom description International Component for Unicode for Java (ICU4J) is a mature, widely used Java library providing Unicode and Globalization support Low
Vendor central groupid com.ibm.icu Highest
Vendor Manifest bundle-symbolicname com.ibm.icu Medium
Product pom name ICU4J High
Product central artifactid icu4j Highest
Product file name icu4j High
Product Manifest specification-title International Components for Unicode for Java Medium
Product pom url http://icu-project.org/ Medium
Product gradle artifactid icu4j Highest
Product manifest Bundle-Description International Components for Unicode for Java Medium
Product jar package name icu Low
Product pom groupid ibm.icu Low
Product Manifest Bundle-Name ICU4J Medium
Product Manifest bundle-copyright © 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html#License Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product Manifest Implementation-Title International Components for Unicode for Java High
Product pom artifactid icu4j Highest
Product pom description International Component for Unicode for Java (ICU4J) is a mature, widely used Java library providing Unicode and Globalization support Low
Product Manifest bundle-symbolicname com.ibm.icu Medium
Version central version 59.1 Highest
Version file version 59.1 Highest
Version Manifest Implementation-Version 59.1 High
Version pom version 59.1 Highest
itext-4.2.0.jar
Description: This is a build of the last MPL version of iText.
License:
GNU General Lesser Public License (LGPL) version 3.0: http://www.gnu.org/licenses/lgpl.html
Mozilla Public License Version 2.0: http://www.mozilla.org/MPL/2.0/
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.lowagie\itext\4.2.0\77e08389e3fa7b0212b67702ba6e4dbbbff68ae5\itext-4.2.0.jar
MD5: b05b5dc598a303c36affc183c4e544c1
SHA1: 77e08389e3fa7b0212b67702ba6e4dbbbff68ae5
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid com.lowagie Highest
Vendor jar package name text Low
Vendor pom artifactid itext Low
Vendor jar package name lowagie Low
Vendor gradle groupid com.lowagie Highest
Vendor jar package name pdf Low
Vendor pom url weiyeh/iText-4.2.0 Highest
Vendor pom groupid lowagie Highest
Vendor pom description This is a build of the last MPL version of iText. Medium
Vendor file name itext High
Vendor pom name iText-4.2.0 High
Product pom artifactid itext Highest
Product gradle artifactid itext Highest
Product jar package name text Low
Product jar package name pdf Low
Product central artifactid itext Highest
Product pom groupid lowagie Low
Product pom description This is a build of the last MPL version of iText. Medium
Product file name itext High
Product pom url weiyeh/iText-4.2.0 High
Product pom name iText-4.2.0 High
Version central version 4.2.0 Highest
Version file version 4.2.0 Highest
Version pom version 4.2.0 Highest
javax.mail-1.6.0.jar
Description: JavaMail API
License:
https://javaee.github.io/javamail/LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.mail\javax.mail\1.6.0\a055c648842c4954c1f7db7254f45d9ad565e278\javax.mail-1.6.0.jar
MD5: 366fc6f9f00de3224b4f6b5056ea5f77
SHA1: a055c648842c4954c1f7db7254f45d9ad565e278
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id com.sun Medium
Vendor manifest Bundle-Description JavaMail API Medium
Vendor Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium
Vendor pom parent-groupid com.sun.mail Medium
Vendor Manifest specification-vendor Oracle Low
Vendor Manifest Implementation-Vendor Oracle High
Vendor Manifest (hint) specification-vendor sun Low
Vendor Manifest bundle-symbolicname com.sun.mail.javax.mail Medium
Vendor pom parent-artifactid all Low
Vendor pom groupid sun.mail Highest
Vendor pom artifactid javax.mail Low
Vendor pom name JavaMail API High
Vendor file name javax.mail High
Vendor Manifest bundle-docurl http://www.oracle.com Low
Vendor gradle groupid com.sun.mail Highest
Vendor Manifest extension-name javax.mail Medium
Vendor Manifest (hint) Implementation-Vendor sun High
Vendor central groupid com.sun.mail Highest
Product manifest Bundle-Description JavaMail API Medium
Product Manifest Implementation-Title javax.mail High
Product pom parent-groupid com.sun.mail Low
Product pom artifactid javax.mail Highest
Product Manifest probe-provider-xml-file-names META-INF/gfprobe-provider.xml Medium
Product Manifest Bundle-Name JavaMail API Medium
Product Manifest bundle-symbolicname com.sun.mail.javax.mail Medium
Product Manifest specification-title JavaMail(TM) API Design Specification Medium
Product gradle artifactid javax.mail Highest
Product pom name JavaMail API High
Product file name javax.mail High
Product Manifest bundle-docurl http://www.oracle.com Low
Product Manifest extension-name javax.mail Medium
Product pom parent-artifactid all Medium
Product pom groupid sun.mail Low
Product central artifactid javax.mail Highest
Version file version 1.6.0 Highest
Version Manifest Implementation-Version 1.6.0 High
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
com.springsource.com.sun.syndication-0.9.0.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.syndication\com.springsource.com.sun.syndication\0.9.0\2c8daab3471d3060d115cdcf4af2a88cb04744c1\com.springsource.com.sun.syndication-0.9.0.jar
MD5: 1c5121f30c06d4ec0d5c68dc5e119929
SHA1: 2c8daab3471d3060d115cdcf4af2a88cb04744c1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name feed Low
Vendor jar package name sun Low
Vendor jar (hint) package name oracle Low
Vendor Manifest specification-vendor Sun Microsystems Low
Vendor Manifest extension-name rome Medium
Vendor file name com.springsource.com.sun.syndication High
Vendor jar package name syndication Low
Vendor Manifest bundle-symbolicname com.springsource.com.sun.syndication Medium
Vendor Manifest Implementation-Vendor Sun Microsystems High
Vendor gradle groupid com.sun.syndication Highest
Product jar package name feed Low
Product Manifest Bundle-Name ROME: RSS/Atom syndication and publishing tools Medium
Product Manifest specification-title Rss and atOM utilitiEs (ROME) Medium
Product Manifest extension-name rome Medium
Product file name com.springsource.com.sun.syndication High
Product jar package name syndication Low
Product Manifest bundle-symbolicname com.springsource.com.sun.syndication Medium
Product Manifest Implementation-Title com.sun.syndication High
Product gradle artifactid com.springsource.com.sun.syndication Highest
Version file version 0.9.0 Highest
Version Manifest Implementation-Version 0.9 High
maven: com.sun.syndication:com.springsource.com.sun.syndication:0.9.0
Confidence: Highest
xstream-1.4.10.jar
Description: XStream is a serialization library from Java objects to XML and back.
License:
http://x-stream.github.io/license.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.thoughtworks.xstream\xstream\1.4.10\dfecae23647abc9d9fd0416629a4213a3882b101\xstream-1.4.10.jar
MD5: d00eec778910f95b26201395ac64cca0
SHA1: dfecae23647abc9d9fd0416629a4213a3882b101
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low
Vendor Manifest x-compile-target 1.5 Low
Vendor gradle groupid com.thoughtworks.xstream Highest
Vendor pom groupid thoughtworks.xstream Highest
Vendor pom name XStream Core High
Vendor Manifest Implementation-Vendor-Id com.thoughtworks.xstream Medium
Vendor pom artifactid xstream Low
Vendor central groupid com.thoughtworks.xstream Highest
Vendor Manifest x-build-time 2017-05-23T14:28:02Z Low
Vendor Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low
Vendor Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.131 Low
Vendor Manifest bundle-docurl http://x-stream.github.io Low
Vendor pom parent-groupid com.thoughtworks.xstream Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom parent-artifactid xstream-parent Low
Vendor Manifest bundle-symbolicname xstream Medium
Vendor Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low
Vendor manifest Bundle-Description XStream is a serialization library from Java objects to XML and back. Medium
Vendor Manifest java_1_9_home /opt/oracle-jdk-bin-1.9.0.0_beta167 Low
Vendor Manifest specification-vendor XStream Low
Vendor Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low
Vendor Manifest Implementation-Vendor XStream High
Vendor file name xstream High
Vendor Manifest x-builder Maven 3.3.9 Low
Vendor Manifest x-compile-source 1.5 Low
Product Manifest java_1_4_home /opt/blackdown-jdk-1.4.2.03 Low
Product pom parent-groupid com.thoughtworks.xstream Low
Product Manifest x-compile-target 1.5 Low
Product Manifest Bundle-Name XStream Core Medium
Product pom name XStream Core High
Product gradle artifactid xstream Highest
Product Manifest x-build-time 2017-05-23T14:28:02Z Low
Product Manifest java_1_7_home /opt/oracle-jdk-bin-1.7.0.80 Low
Product pom parent-artifactid xstream-parent Medium
Product Manifest java_1_8_home /opt/oracle-jdk-bin-1.8.0.131 Low
Product Manifest bundle-docurl http://x-stream.github.io Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product Manifest bundle-symbolicname xstream Medium
Product Manifest java_1_5_home /opt/sun-jdk-1.5.0.22 Low
Product pom artifactid xstream Highest
Product Manifest specification-title XStream Core Medium
Product pom groupid thoughtworks.xstream Low
Product Manifest Implementation-Title XStream Core High
Product manifest Bundle-Description XStream is a serialization library from Java objects to XML and back. Medium
Product central artifactid xstream Highest
Product Manifest java_1_9_home /opt/oracle-jdk-bin-1.9.0.0_beta167 Low
Product Manifest java_1_6_home /opt/sun-jdk-1.6.0.45 Low
Product file name xstream High
Product Manifest x-builder Maven 3.3.9 Low
Product Manifest x-compile-source 1.5 Low
Version Manifest Implementation-Version 1.4.10 High
Version central version 1.4.10 Highest
Version file version 1.4.10 Highest
Version pom version 1.4.10 Highest
commons-cli-1.3.1.jar
Description:
Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-cli\commons-cli\1.3.1\1303efbc4b181e5a58bf2e967dc156a3132b97c0\commons-cli-1.3.1.jar
MD5: 8d5fa2a42fef17d9034b35a9ac9cc750
SHA1: 1303efbc4b181e5a58bf2e967dc156a3132b97c0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low
Vendor gradle groupid commons-cli Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor manifest Bundle-Description Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor central groupid commons-cli Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-cli/ Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor pom artifactid commons-cli Low
Vendor pom groupid commons-cli Highest
Vendor Manifest implementation-build tags/cli-1.3.1-RC1@r1685378; 2015-06-14 10:06:05+0000 Low
Vendor pom name Apache Commons CLI High
Vendor pom parent-artifactid commons-parent Low
Vendor pom url http://commons.apache.org/proper/commons-cli/ Highest
Vendor Manifest bundle-symbolicname org.apache.commons.cli Medium
Vendor file name commons-cli High
Product pom parent-groupid org.apache.commons Low
Product pom description Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low
Product pom groupid commons-cli Low
Product central artifactid commons-cli Highest
Product manifest Bundle-Description Apache Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-cli/ Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product pom artifactid commons-cli Highest
Product gradle artifactid commons-cli Highest
Product pom parent-artifactid commons-parent Medium
Product Manifest implementation-build tags/cli-1.3.1-RC1@r1685378; 2015-06-14 10:06:05+0000 Low
Product pom name Apache Commons CLI High
Product pom url http://commons.apache.org/proper/commons-cli/ Medium
Product Manifest Bundle-Name Apache Commons CLI Medium
Product Manifest bundle-symbolicname org.apache.commons.cli Medium
Product Manifest specification-title Apache Commons CLI Medium
Product file name commons-cli High
Product Manifest Implementation-Title Apache Commons CLI High
Version Manifest Implementation-Version 1.3.1 High
Version file version 1.3.1 Highest
Version central version 1.3.1 Highest
Version pom version 1.3.1 Highest
commons-net-3.3.jar
Description:
Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-net\commons-net\3.3\cd0d5510908225f76c5fe5a3f1df4fa44866f81e\commons-net-3.3.jar
MD5: c077ca61598e9c21f43f8b6488fbbee9
SHA1: cd0d5510908225f76c5fe5a3f1df4fa44866f81e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid commons-net Highest
Vendor pom name Commons Net High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor central groupid commons-net Highest
Vendor pom url http://commons.apache.org/proper/commons-net/ Highest
Vendor pom description Apache Commons Net library contains a collection of network utilities and protocol implementations. Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois Low
Vendor Manifest bundle-symbolicname org.apache.commons.net Medium
Vendor gradle groupid commons-net Highest
Vendor manifest Bundle-Description Apache Commons Net library contains a collection of network utilities and protocol implementations.Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois Low
Vendor pom parent-artifactid commons-parent Low
Vendor pom artifactid commons-net Low
Vendor Manifest implementation-build trunk@r1490851; 2013-06-07 23:49:06+0100 Low
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-net/ Low
Vendor file name commons-net High
Product pom parent-groupid org.apache.commons Low
Product Manifest specification-title Commons Net Medium
Product pom name Commons Net High
Product Manifest Implementation-Title Commons Net High
Product pom artifactid commons-net Highest
Product pom description Apache Commons Net library contains a collection of network utilities and protocol implementations. Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois Low
Product Manifest bundle-symbolicname org.apache.commons.net Medium
Product pom groupid commons-net Low
Product pom parent-artifactid commons-parent Medium
Product manifest Bundle-Description Apache Commons Net library contains a collection of network utilities and protocol implementations.Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois Low
Product central artifactid commons-net Highest
Product Manifest Bundle-Name Commons Net Medium
Product gradle artifactid commons-net Highest
Product Manifest implementation-build trunk@r1490851; 2013-06-07 23:49:06+0100 Low
Product pom url http://commons.apache.org/proper/commons-net/ Medium
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-net/ Low
Product file name commons-net High
Version Manifest Implementation-Version 3.3 High
Version pom version 3.3 Highest
Version central version 3.3 Highest
Version file version 3.3 Highest
commons-validator-1.5.1.jar
Description:
Apache Commons Validator provides the building blocks for both client side validation and server side data validation.
It may be used standalone or with a framework like Struts.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-validator\commons-validator\1.5.1\86d05a46e8f064b300657f751b5a98c62807e2a0\commons-validator-1.5.1.jar
MD5: 67fad26aa0c1e884a6aa4249a6126a88
SHA1: 86d05a46e8f064b300657f751b5a98c62807e2a0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Apache Commons Validator High
Vendor Manifest implementation-url http://commons.apache.org/proper/commons-validator/ Low
Vendor pom description Apache Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework ... Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom groupid commons-validator Highest
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor central groupid commons-validator Highest
Vendor gradle groupid commons-validator Highest
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-validator/ Low
Vendor manifest Bundle-Description Apache Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework ... Low
Vendor pom parent-artifactid commons-parent Low
Vendor Manifest implementation-build tags/VALIDATOR_1_5_1_RC2@r1740857; 2016-04-25 17:32:34+0000 Low
Vendor Manifest bundle-symbolicname org.apache.commons.validator Medium
Vendor file name commons-validator High
Vendor pom artifactid commons-validator Low
Vendor pom url http://commons.apache.org/proper/commons-validator/ Highest
Product pom parent-groupid org.apache.commons Low
Product Manifest specification-title Apache Commons Validator Medium
Product pom name Apache Commons Validator High
Product Manifest implementation-url http://commons.apache.org/proper/commons-validator/ Low
Product pom description Apache Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework ... Low
Product pom url http://commons.apache.org/proper/commons-validator/ Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom artifactid commons-validator Highest
Product central artifactid commons-validator Highest
Product pom groupid commons-validator Low
Product pom parent-artifactid commons-parent Medium
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-validator/ Low
Product manifest Bundle-Description Apache Commons Validator provides the building blocks for both client side validation and server side data validation. It may be used standalone or with a framework ... Low
Product Manifest implementation-build tags/VALIDATOR_1_5_1_RC2@r1740857; 2016-04-25 17:32:34+0000 Low
Product Manifest bundle-symbolicname org.apache.commons.validator Medium
Product file name commons-validator High
Product Manifest Implementation-Title Apache Commons Validator High
Product Manifest Bundle-Name Apache Commons Validator Medium
Product gradle artifactid commons-validator Highest
Version file version 1.5.1 Highest
Version Manifest Implementation-Version 1.5.1 High
Version pom version 1.5.1 Highest
Version central version 1.5.1 Highest
juel-impl-2.2.7.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\de.odysseus.juel\juel-impl\2.2.7\97958467acef4c2b230b72354a4eefc66628dd99\juel-impl-2.2.7.jar
MD5: c5d7a62edafb5706b6beadbbcfd8f57d
SHA1: 97958467acef4c2b230b72354a4eefc66628dd99
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name el Low
Vendor pom name Java Unified Expression Language Implementation High
Vendor Manifest Implementation-Vendor-Id de.odysseus Medium
Vendor gradle groupid de.odysseus.juel Highest
Vendor Manifest Implementation-Vendor Odysseus Software GmbH High
Vendor pom parent-artifactid juel-parent Low
Vendor Manifest bundle-symbolicname de.odysseus.juel-impl Medium
Vendor pom artifactid juel-impl Low
Vendor central groupid de.odysseus.juel Highest
Vendor jar package name odysseus Low
Vendor jar package name de Low
Vendor pom groupid de.odysseus.juel Highest
Vendor file name juel-impl High
Vendor Manifest specification-vendor Sun Microsystems Inc. Low
Vendor Manifest service-component OSGI-INF/services.xml Low
Product pom artifactid juel-impl Highest
Product jar package name el Low
Product pom name Java Unified Expression Language Implementation High
Product central artifactid juel-impl Highest
Product Manifest specification-title Expression Language Medium
Product jar package name tree Low
Product pom parent-artifactid juel-parent Medium
Product Manifest Implementation-Title JUEL High
Product gradle artifactid juel-impl Highest
Product Manifest bundle-symbolicname de.odysseus.juel-impl Medium
Product Manifest Bundle-Name Expression Language Implementation Medium
Product jar package name odysseus Low
Product pom groupid de.odysseus.juel Low
Product file name juel-impl High
Product Manifest service-component OSGI-INF/services.xml Low
Version file version 2.2.7 Highest
Version central version 2.2.7 Highest
Version Manifest Implementation-Version 2.2.7 High
Version pom version 2.2.7 Highest
javax.el-api-3.0.1-b04.jar
Description: Expression Language 3.0 API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.el\javax.el-api\3.0.1-b04\8c0c970b8deae5054ff0bf4b17979c8181a506d3\javax.el-api-3.0.1-b04.jar
MD5: fe9f96efeb44172a4e8a54a81c93f39d
SHA1: 8c0c970b8deae5054ff0bf4b17979c8181a506d3
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom organization url http://glassfish.org Medium
Vendor pom parent-artifactid jvnet-parent Low
Vendor Manifest bundle-symbolicname javax.el-api Medium
Vendor gradle groupid javax.el Highest
Vendor pom artifactid javax.el-api Low
Vendor Manifest Implementation-Vendor Oracle Corporation High
Vendor Manifest extension-name javax.el Medium
Vendor manifest Bundle-Description Expression Language 3.0 API Medium
Vendor Manifest specification-vendor Oracle Corporation Low
Vendor central groupid javax.el Highest
Vendor file name javax.el-api High
Vendor Manifest bundle-docurl http://glassfish.org Low
Vendor pom groupid javax.el Highest
Vendor pom url http://uel.java.net Highest
Vendor pom organization name GlassFish Community High
Vendor pom parent-groupid net.java Medium
Vendor pom name Expression Language 3.0 API High
Product pom organization url http://glassfish.org Low
Product Manifest bundle-symbolicname javax.el-api Medium
Product pom artifactid javax.el-api Highest
Product Manifest extension-name javax.el Medium
Product pom url http://uel.java.net Medium
Product pom parent-groupid net.java Low
Product central artifactid javax.el-api Highest
Product manifest Bundle-Description Expression Language 3.0 API Medium
Product file name javax.el-api High
Product Manifest bundle-docurl http://glassfish.org Low
Product pom groupid javax.el Low
Product pom organization name GlassFish Community Low
Product pom parent-artifactid jvnet-parent Medium
Product gradle artifactid javax.el-api Highest
Product Manifest Bundle-Name Expression Language 3.0 API Medium
Product pom name Expression Language 3.0 API High
Version file version 3.0.1.b04 Highest
Version central version 3.0.1-b04 Highest
Version Manifest Implementation-Version 3.0.1-b04 High
Version pom version 3.0.1-b04 Highest
Published Vulnerabilities
CVE-2013-2566
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
Vulnerable Software & Versions:
CVE-2015-2808
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Vulnerable Software & Versions:
javax.servlet-api-4.0.0.jar
Description: Java(TM) Servlet 4.0 API Design Specification
License:
CDDL + GPLv2 with classpath exception: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.servlet\javax.servlet-api\4.0.0\60200affc2fe0165136ed3690faf00b66aed581a\javax.servlet-api-4.0.0.jar
MD5: 8b9c10f751f02aec8f10358c3b99c76d
SHA1: 60200affc2fe0165136ed3690faf00b66aed581a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.glassfish Medium
Vendor Manifest bundle-symbolicname javax.servlet-api Medium
Vendor pom parent-artifactid jvnet-parent Low
Vendor manifest Bundle-Description Java(TM) Servlet 4.0 API Design Specification Medium
Vendor pom groupid javax.servlet Highest
Vendor Manifest bundle-docurl https://javaee.github.io Low
Vendor pom organization url https://javaee.github.io Medium
Vendor pom name Java Servlet API High
Vendor pom artifactid javax.servlet-api Low
Vendor file name javax.servlet-api High
Vendor Manifest specification-vendor Oracle Corporation Low
Vendor central groupid javax.servlet Highest
Vendor Manifest extension-name javax.servlet Medium
Vendor gradle groupid javax.servlet Highest
Vendor Manifest Implementation-Vendor GlassFish Community High
Vendor pom url https://javaee.github.io/servlet-spec/ Highest
Vendor pom organization name GlassFish Community High
Vendor pom parent-groupid net.java Medium
Product Manifest bundle-symbolicname javax.servlet-api Medium
Product pom artifactid javax.servlet-api Highest
Product manifest Bundle-Description Java(TM) Servlet 4.0 API Design Specification Medium
Product Manifest Bundle-Name Java Servlet API Medium
Product pom organization url https://javaee.github.io Low
Product Manifest bundle-docurl https://javaee.github.io Low
Product pom name Java Servlet API High
Product pom url https://javaee.github.io/servlet-spec/ Medium
Product gradle artifactid javax.servlet-api Highest
Product pom parent-groupid net.java Low
Product file name javax.servlet-api High
Product Manifest extension-name javax.servlet Medium
Product pom organization name GlassFish Community Low
Product pom parent-artifactid jvnet-parent Medium
Product pom groupid javax.servlet Low
Product central artifactid javax.servlet-api Highest
Version Manifest Implementation-Version 4.0.0 High
Version pom version 4.0.0 Highest
Version central version 4.0.0 Highest
Version file version 4.0.0 Highest
javax.servlet.jsp-api-2.3.0.jar
Description: Java.net - The Source for Java Technology Collaboration
License:
CDDL + GPLv2 with classpath exception: http://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.servlet.jsp\javax.servlet.jsp-api\2.3.0\3795334f4306b194003e16dfba4111a0467a49bd\javax.servlet.jsp-api-2.3.0.jar
MD5: 53f58345d415a6150e5945a6875a0ce9
SHA1: 3795334f4306b194003e16dfba4111a0467a49bd
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name javax.servlet.jsp-api High
Vendor pom organization url http://glassfish.org Medium
Vendor pom artifactid javax.servlet.jsp-api Low
Vendor pom parent-artifactid jvnet-parent Low
Vendor central groupid javax.servlet.jsp Highest
Vendor manifest Bundle-Description Java.net - The Source for Java Technology Collaboration Medium
Vendor pom name JavaServer Pages(TM) API High
Vendor gradle groupid javax.servlet.jsp Highest
Vendor Manifest Implementation-Vendor Oracle Corporation High
Vendor Manifest extension-name javax.servlet.jsp Medium
Vendor Manifest bundle-symbolicname javax.servlet.jsp-api Medium
Vendor pom groupid javax.servlet.jsp Highest
Vendor Manifest specification-vendor Oracle Corporation Low
Vendor Manifest bundle-docurl http://glassfish.org Low
Vendor pom url http://jsp.java.net Highest
Vendor pom organization name GlassFish Community High
Vendor pom parent-groupid net.java Medium
Product file name javax.servlet.jsp-api High
Product pom groupid javax.servlet.jsp Low
Product pom organization url http://glassfish.org Low
Product manifest Bundle-Description Java.net - The Source for Java Technology Collaboration Medium
Product pom name JavaServer Pages(TM) API High
Product Manifest extension-name javax.servlet.jsp Medium
Product pom url http://jsp.java.net Medium
Product Manifest bundle-symbolicname javax.servlet.jsp-api Medium
Product Manifest Bundle-Name JavaServer Pages(TM) API Medium
Product pom parent-groupid net.java Low
Product pom artifactid javax.servlet.jsp-api Highest
Product Manifest bundle-docurl http://glassfish.org Low
Product pom organization name GlassFish Community Low
Product pom parent-artifactid jvnet-parent Medium
Product gradle artifactid javax.servlet.jsp-api Highest
Product central artifactid javax.servlet.jsp-api Highest
Version Manifest Implementation-Version 2.3.0 High
Version file version 2.3.0 Highest
Version central version 2.3.0 Highest
Version pom version 2.3.0 Highest
ical4j-1.0-rc3-atlassian-11.jar
Description:
A Java library for reading and writing iCalendar (*.ics) files
License:
iCal4j - License: LICENSE
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.fortuna.ical4j\ical4j\1.0-rc3-atlassian-11\cc4aa02f5cc8773876aad173517d20438b1b60ea\ical4j-1.0-rc3-atlassian-11.jar
MD5: 62338bf588ceb0a7404746cd751f5db9
SHA1: cc4aa02f5cc8773876aad173517d20438b1b60ea
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid ical4j Low
Vendor file name ical4j High
Vendor manifest Bundle-Description A Java library for reading and writing iCalendar (*.ics) files Medium
Vendor Manifest bundle-symbolicname net.fortuna.ical4j Medium
Vendor pom url http://ical4j.sourceforge.net Highest
Vendor pom groupid net.fortuna.ical4j Highest
Vendor gradle groupid net.fortuna.ical4j Highest
Vendor pom name iCal4j High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.4))" Low
Vendor pom description A Java library for reading and writing iCalendar (*.ics) files Medium
Product pom url http://ical4j.sourceforge.net Medium
Product pom artifactid ical4j Highest
Product file name ical4j High
Product manifest Bundle-Description A Java library for reading and writing iCalendar (*.ics) files Medium
Product Manifest bundle-symbolicname net.fortuna.ical4j Medium
Product Manifest Bundle-Name iCal4j Medium
Product pom name iCal4j High
Product pom groupid net.fortuna.ical4j Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.4))" Low
Product gradle artifactid ical4j Highest
Product pom description A Java library for reading and writing iCalendar (*.ics) files Medium
Version Manifest Bundle-Version 1.0.0.rc3-atlassian-11 High
Version pom version 1.0-rc3-atlassian-11 Highest
Version file name ical4j Medium
Version gradle version 1.0-rc3-atlassian-11 Highest
Version file version 1.0.rc3 Highest
maven: net.fortuna.ical4j:ical4j:1.0-rc3-atlassian-11 Confidence: Highest
ant-junit-1.10.1.jar
Description: contains the junit and junirreport tasks
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant-junit\1.10.1\57b1c4a50a9095e95b3ce2ef8ccdceb945f7bb20\ant-junit-1.10.1.jar
MD5: c8510a39e471aaf847cc923d62c5abc4
SHA1: 57b1c4a50a9095e95b3ce2ef8ccdceb945f7bb20
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom description contains the junit and junirreport tasks Medium
Vendor jar package name ant Low
Vendor pom artifactid ant-junit Low
Vendor gradle groupid org.apache.ant Highest
Vendor central groupid org.apache.ant Highest
Vendor manifest: org/apache/tools/ant/taskdefs/optional/ Implementation-Vendor Apache Software Foundation Medium
Vendor file name ant-junit High
Vendor pom parent-groupid org.apache.ant Medium
Vendor pom url http://ant.apache.org/ Highest
Vendor pom parent-artifactid ant-parent Low
Vendor jar package name tools Low
Vendor pom name Apache Ant + JUnit High
Vendor pom groupid apache.ant Highest
Product manifest: org/apache/tools/ant/taskdefs/optional/ Specification-Title Apache Ant Medium
Product central artifactid ant-junit Highest
Product pom description contains the junit and junirreport tasks Medium
Product pom groupid apache.ant Low
Product jar package name ant Low
Product pom parent-artifactid ant-parent Medium
Product gradle artifactid ant-junit Highest
Product file name ant-junit High
Product manifest: org/apache/tools/ant/taskdefs/optional/ Implementation-Title org.apache.tools.ant Medium
Product jar package name taskdefs Low
Product jar package name tools Low
Product pom name Apache Ant + JUnit High
Product pom artifactid ant-junit Highest
Product pom url http://ant.apache.org/ Medium
Product pom parent-groupid org.apache.ant Low
Version file version 1.10.1 Highest
Version central version 1.10.1 Highest
Version pom version 1.10.1 Highest
axis2-kernel-1.7.6.jar
Description: Core Parts of Axis2. This includes Axis2 engine, Client API, Addressing support, etc.,
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis2\axis2-kernel\1.7.6\aa2e05c5dc080f7089072d17acfb9b1a50d8bda9\axis2-kernel-1.7.6.jar
MD5: 3d655a2359c7fc00b67bd951d10b2281
SHA1: aa2e05c5dc080f7089072d17acfb9b1a50d8bda9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name axis2-kernel High
Vendor pom artifactid axis2-kernel Low
Vendor central groupid org.apache.axis2 Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache.axis2 Medium
Vendor pom description Core Parts of Axis2. This includes Axis2 engine, Client API, Addressing support, etc., Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.axis2 Medium
Vendor gradle groupid org.apache.axis2 Highest
Vendor pom url http://axis.apache.org/axis2/java/core/ Highest
Vendor pom parent-artifactid axis2 Low
Vendor pom groupid apache.axis2 Highest
Vendor pom name Apache Axis2 - Kernel High
Product file name axis2-kernel High
Product pom url http://axis.apache.org/axis2/java/core/ Medium
Product pom description Core Parts of Axis2. This includes Axis2 engine, Client API, Addressing support, etc., Medium
Product central artifactid axis2-kernel Highest
Product pom groupid apache.axis2 Low
Product pom parent-groupid org.apache.axis2 Low
Product pom artifactid axis2-kernel Highest
Product Manifest specification-title Apache Axis2 - Kernel Medium
Product pom parent-artifactid axis2 Medium
Product pom name Apache Axis2 - Kernel High
Product gradle artifactid axis2-kernel Highest
Product Manifest Implementation-Title Apache Axis2 - Kernel High
Version file version 1.7.6 Highest
Version central version 1.7.6 Highest
Version Manifest Implementation-Version 1.7.6 High
Version pom version 1.7.6 Highest
Published Vulnerabilities
CVE-2012-4418
Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Vulnerable Software & Versions:
CVE-2012-5351
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
Vulnerable Software & Versions:
commons-collections4-4.1.jar
Description: The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-collections4\4.1\a4cf4688fe1c7e3a63aa636cc96d013af537768e\commons-collections4-4.1.jar
MD5: 45af6a8e5b51d5945de6c7411e290bd1
SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Apache Commons Collections High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor manifest Bundle-Description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low
Vendor pom groupid apache.commons Highest
Vendor Manifest bundle-symbolicname org.apache.commons.collections4 Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom url http://commons.apache.org/proper/commons-collections/ Highest
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low
Vendor central groupid org.apache.commons Highest
Vendor Manifest implementation-build tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 Low
Vendor pom parent-artifactid commons-parent Low
Vendor file name commons-collections4 High
Vendor pom description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low
Vendor pom artifactid commons-collections4 Low
Vendor gradle groupid org.apache.commons Highest
Product Manifest specification-title Apache Commons Collections Medium
Product pom parent-groupid org.apache.commons Low
Product pom name Apache Commons Collections High
Product gradle artifactid commons-collections4 Highest
Product pom url http://commons.apache.org/proper/commons-collections/ Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest Implementation-Title Apache Commons Collections High
Product manifest Bundle-Description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low
Product Manifest bundle-symbolicname org.apache.commons.collections4 Medium
Product Manifest Bundle-Name Apache Commons Collections Medium
Product central artifactid commons-collections4 Highest
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-collections/ Low
Product pom parent-artifactid commons-parent Medium
Product pom artifactid commons-collections4 Highest
Product Manifest implementation-build tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 Low
Product file name commons-collections4 High
Product pom groupid apache.commons Low
Product pom description The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. Low
Version pom version 4.1 Highest
Version Manifest Implementation-Version 4.1 High
Version central version 4.1 Highest
Version file version 4.1 Highest
commons-csv-1.5.jar
Description:
The Apache Commons CSV library provides a simple interface for reading and writing
CSV files of various types.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-csv\1.5\e10f140af5b82167640f254fa9d88e35ad74329c\commons-csv-1.5.jar
MD5: 8e11b04e6025a0598e96f3e45957596d
SHA1: e10f140af5b82167640f254fa9d88e35ad74329c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid commons-csv Low
Vendor Manifest implementation-build release@rf76a1357057cd3caaf9b0904d9cc57ce384658a3; 2017-08-26 23:14:35+0000 Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom url http://commons.apache.org/proper/commons-csv/ Highest
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom groupid apache.commons Highest
Vendor Manifest bundle-symbolicname org.apache.commons.csv Medium
Vendor manifest Bundle-Description The Apache Commons CSV library provides a simple interface for reading and writingCSV files of various types. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom name Apache Commons CSV High
Vendor file name commons-csv High
Vendor central groupid org.apache.commons Highest
Vendor pom description The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types. Low
Vendor pom parent-artifactid commons-parent Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor gradle groupid org.apache.commons Highest
Vendor Manifest implementation-url http://commons.apache.org/proper/commons-csv/ Low
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-csv/ Low
Product pom parent-groupid org.apache.commons Low
Product Manifest Implementation-Title Apache Commons CSV High
Product gradle artifactid commons-csv Highest
Product Manifest implementation-build release@rf76a1357057cd3caaf9b0904d9cc57ce384658a3; 2017-08-26 23:14:35+0000 Low
Product Manifest bundle-symbolicname org.apache.commons.csv Medium
Product manifest Bundle-Description The Apache Commons CSV library provides a simple interface for reading and writingCSV files of various types. Low
Product pom name Apache Commons CSV High
Product Manifest specification-title Apache Commons CSV Medium
Product file name commons-csv High
Product Manifest Bundle-Name Apache Commons CSV Medium
Product pom artifactid commons-csv Highest
Product pom parent-artifactid commons-parent Medium
Product pom description The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types. Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom groupid apache.commons Low
Product central artifactid commons-csv Highest
Product Manifest implementation-url http://commons.apache.org/proper/commons-csv/ Low
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-csv/ Low
Product pom url http://commons.apache.org/proper/commons-csv/ Medium
Version Manifest Implementation-Version 1.5 High
Version pom version 1.5 Highest
Version central version 1.5 Highest
Version file version 1.5 Highest
commons-dbcp2-2.1.1.jar
Description: Apache Commons DBCP software implements Database Connection Pooling
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-dbcp2\2.1.1\c4f4a76171671ccf293be8995a498eab7fa8ed24\commons-dbcp2-2.1.1.jar
MD5: 298897b1e785b933b0522351871cf7ae
SHA1: c4f4a76171671ccf293be8995a498eab7fa8ed24
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Apache Commons DBCP software implements Database Connection Pooling Medium
Vendor pom artifactid commons-dbcp2 Low
Vendor file name commons-dbcp2 High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom url http://commons.apache.org/dbcp/ Highest
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom groupid apache.commons Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-symbolicname org.apache.commons.dbcp2 Medium
Vendor pom name Apache Commons DBCP High
Vendor pom description Apache Commons DBCP software implements Database Connection Pooling Medium
Vendor central groupid org.apache.commons Highest
Vendor pom parent-artifactid commons-parent Low
Vendor gradle groupid org.apache.commons Highest
Vendor Manifest bundle-docurl http://commons.apache.org/dbcp/ Low
Vendor Manifest implementation-build tags/DBCP_2_1_1_RC1@r1693845; 2015-08-03 00:33:18+0000 Low
Product manifest Bundle-Description Apache Commons DBCP software implements Database Connection Pooling Medium
Product pom parent-groupid org.apache.commons Low
Product file name commons-dbcp2 High
Product gradle artifactid commons-dbcp2 Highest
Product Manifest specification-title Apache Commons DBCP Medium
Product Manifest bundle-symbolicname org.apache.commons.dbcp2 Medium
Product Manifest Implementation-Title Apache Commons DBCP High
Product pom name Apache Commons DBCP High
Product Manifest Bundle-Name Apache Commons DBCP Medium
Product pom parent-artifactid commons-parent Medium
Product pom description Apache Commons DBCP software implements Database Connection Pooling Medium
Product pom artifactid commons-dbcp2 Highest
Product pom groupid apache.commons Low
Product Manifest bundle-docurl http://commons.apache.org/dbcp/ Low
Product Manifest implementation-build tags/DBCP_2_1_1_RC1@r1693845; 2015-08-03 00:33:18+0000 Low
Product pom url http://commons.apache.org/dbcp/ Medium
Product central artifactid commons-dbcp2 Highest
Version Manifest Implementation-Version 2.1.1 High
Version pom version 2.1.1 Highest
Version central version 2.1.1 Highest
Version file version 2.1.1 Highest
geronimo-transaction-3.1.4.jar
Description: Apache Geronimo Transaction Manager
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.components\geronimo-transaction\3.1.4\7db43d2032d5f38a47a39801903df8c97bd54155\geronimo-transaction-3.1.4.jar
MD5: 006175afd65d98a99b47ce08f972ec91
SHA1: 7db43d2032d5f38a47a39801903df8c97bd54155
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.geronimo.components Highest
Vendor pom description Apache Geronimo Transaction Manager Medium
Vendor pom url http://geronimo.apache.org/maven/${siteId}/${project.version} Highest
Vendor file name geronimo-transaction High
Vendor pom groupid apache.geronimo.components Highest
Vendor pom artifactid geronimo-transaction Low
Vendor central groupid org.apache.geronimo.components Highest
Vendor pom name Geronimo TxManager :: Transaction High
Vendor pom parent-artifactid geronimo-txmanager-parent Low
Vendor manifest Bundle-Description Apache Geronimo Transaction Manager Medium
Vendor Manifest bundle-docurl http://geronimo.apache.org/maven/components/geronimo-transaction/3.1.4 Low
Vendor pom parent-groupid org.apache.geronimo.components Medium
Vendor Manifest bundle-symbolicname org.apache.geronimo.components.geronimo-transaction Medium
Product pom groupid apache.geronimo.components Low
Product pom parent-groupid org.apache.geronimo.components Low
Product Manifest Bundle-Name Geronimo TxManager :: Transaction Medium
Product pom description Apache Geronimo Transaction Manager Medium
Product pom url http://geronimo.apache.org/maven/${siteId}/${project.version} Medium
Product Manifest Implementation-Title Geronimo TxManager :: Transaction High
Product file name geronimo-transaction High
Product gradle artifactid geronimo-transaction Highest
Product pom name Geronimo TxManager :: Transaction High
Product manifest Bundle-Description Apache Geronimo Transaction Manager Medium
Product Manifest bundle-docurl http://geronimo.apache.org/maven/components/geronimo-transaction/3.1.4 Low
Product pom parent-artifactid geronimo-txmanager-parent Medium
Product central artifactid geronimo-transaction Highest
Product Manifest bundle-symbolicname org.apache.geronimo.components.geronimo-transaction Medium
Product pom artifactid geronimo-transaction Highest
Version pom version 3.1.4 Highest
Version Manifest Implementation-Version 3.1.4 High
Version file version 3.1.4 Highest
Version central version 3.1.4 Highest
Published Vulnerabilities
CVE-2008-0732
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
Vulnerable Software & Versions:
geronimo-jms_1.1_spec-1.1.1.jar
Description: Provides open-source implementations of Sun specifications.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-jms_1.1_spec\1.1.1\c872b46c601d8dc03633288b81269f9e42762cea\geronimo-jms_1.1_spec-1.1.1.jar
MD5: d80ce71285696d36c1add1989b94f084
SHA1: c872b46c601d8dc03633288b81269f9e42762cea
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid geronimo-jms_1.1_spec Low
Vendor pom parent-artifactid specs Low
Vendor file name geronimo-jms_1.1_spec-1.1.1 High
Vendor manifest Bundle-Description Provides open-source implementations of Sun specifications. Medium
Vendor central groupid org.apache.geronimo.specs Highest
Vendor pom parent-groupid org.apache.geronimo.specs Medium
Vendor gradle groupid org.apache.geronimo.specs Highest
Vendor pom groupid apache.geronimo.specs Highest
Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jms_1.1_spec Medium
Vendor Manifest bundle-docurl http://www.apache.org Low
Vendor pom name JMS 1.1 High
Product Manifest Implementation-Title Apache Geronimo High
Product gradle artifactid geronimo-jms_1.1_spec Highest
Product file name geronimo-jms_1.1_spec-1.1.1 High
Product manifest Bundle-Description Provides open-source implementations of Sun specifications. Medium
Product pom parent-artifactid specs Medium
Product pom groupid apache.geronimo.specs Low
Product central artifactid geronimo-jms_1.1_spec Highest
Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jms_1.1_spec Medium
Product Manifest Bundle-Name geronimo-jms_1.1_spec Medium
Product pom parent-groupid org.apache.geronimo.specs Low
Product pom artifactid geronimo-jms_1.1_spec Highest
Product Manifest bundle-docurl http://www.apache.org Low
Product pom name JMS 1.1 High
Version Manifest Implementation-Version 1.1.1 High
Version pom version 1.1.1 Highest
Version central version 1.1.1 Highest
httpclient-cache-4.5.3.jar
Description: Apache HttpComponents HttpClient - Cache
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpclient-cache\4.5.3\baa6474c7f9b9f027a02fbbee375263ac482e343\httpclient-cache-4.5.3.jar
MD5: cf3f254ca1228dd59818a2dff708e247
SHA1: baa6474c7f9b9f027a02fbbee375263ac482e343
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-build tags/4.5.3-RC1/httpclient-cache@r1779741; 2017-01-21 16:58:35+0100 Low
Vendor pom url http://hc.apache.org/httpcomponents-client Highest
Vendor file name httpclient-cache High
Vendor pom parent-groupid org.apache.httpcomponents Medium
Vendor gradle groupid org.apache.httpcomponents Highest
Vendor Manifest url http://hc.apache.org/httpcomponents-client Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom name Apache HttpClient Cache High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom artifactid httpclient-cache Low
Vendor pom description Apache HttpComponents HttpClient - Cache Medium
Vendor central groupid org.apache.httpcomponents Highest
Vendor pom groupid apache.httpcomponents Highest
Vendor pom parent-artifactid httpcomponents-client Low
Product Manifest implementation-build tags/4.5.3-RC1/httpclient-cache@r1779741; 2017-01-21 16:58:35+0100 Low
Product file name httpclient-cache High
Product pom parent-groupid org.apache.httpcomponents Low
Product Manifest url http://hc.apache.org/httpcomponents-client Low
Product pom groupid apache.httpcomponents Low
Product gradle artifactid httpclient-cache Highest
Product pom name Apache HttpClient Cache High
Product pom description Apache HttpComponents HttpClient - Cache Medium
Product pom parent-artifactid httpcomponents-client Medium
Product pom url http://hc.apache.org/httpcomponents-client Medium
Product pom artifactid httpclient-cache Highest
Product Manifest specification-title HttpComponents Apache HttpClient Cache Medium
Product central artifactid httpclient-cache Highest
Product Manifest Implementation-Title HttpComponents Apache HttpClient Cache High
Version file version 4.5.3 Highest
Version Manifest Implementation-Version 4.5.3 High
Version pom version 4.5.3 Highest
Version central version 4.5.3 Highest
log4j-api-2.9.1.jar
Description: The Apache Log4j API
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-api\2.9.1\7a2999229464e7a324aa503c0a52ec0f05efe7bd\log4j-api-2.9.1.jar
MD5: 20f0b4e1a16bd2030f0acc2b277cb16f
SHA1: 7a2999229464e7a324aa503c0a52ec0f05efe7bd
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid apache.logging.log4j Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom description The Apache Log4j API Medium
Vendor Manifest log4jreleasemanager Ralph Goers Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom parent-groupid org.apache.logging.log4j Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low
Vendor gradle groupid org.apache.logging.log4j Highest
Vendor file name log4j-api High
Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom parent-artifactid log4j Low
Vendor pom name Apache Log4j API High
Vendor manifest Bundle-Description The Apache Log4j API Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor central groupid org.apache.logging.log4j Highest
Vendor pom artifactid log4j-api Low
Product Manifest Bundle-Name Apache Log4j API Medium
Product pom description The Apache Log4j API Medium
Product Manifest log4jreleasemanager Ralph Goers Low
Product central artifactid log4j-api Highest
Product pom parent-groupid org.apache.logging.log4j Low
Product pom artifactid log4j-api Highest
Product Manifest Implementation-Title Apache Log4j API High
Product Manifest specification-title Apache Log4j API Medium
Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-api/ Low
Product pom parent-artifactid log4j Medium
Product file name log4j-api High
Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium
Product Manifest bundle-docurl https://www.apache.org/ Low
Product pom groupid apache.logging.log4j Low
Product pom name Apache Log4j API High
Product manifest Bundle-Description The Apache Log4j API Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product gradle artifactid log4j-api Highest
Version Manifest Implementation-Version 2.9.1 High
Version pom version 2.9.1 Highest
Version central version 2.9.1 Highest
Version file version 2.9.1 Highest
poi-3.17.jar
Description: Apache POI - Java API To Access Microsoft Format Files
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi\3.17\ae92292a2043888b40d418da97dc0b669fde326\poi-3.17.jar
MD5: 243bc3d431e4fadb79738719504c64f7
SHA1: 0ae92292a2043888b40d418da97dc0b669fde326
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.poi Highest
Vendor jar package name apache Low
Vendor pom artifactid poi Low
Vendor pom description Apache POI - Java API To Access Microsoft Format Files Medium
Vendor file name poi High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor central groupid org.apache.poi Highest
Vendor pom organization url http://www.apache.org/ Medium
Vendor Manifest Implementation-Vendor-Id org.apache.poi Medium
Vendor pom organization name Apache Software Foundation High
Vendor pom url http://poi.apache.org/ Highest
Vendor pom groupid apache.poi Highest
Vendor pom name Apache POI High
Vendor jar package name poi Low
Product pom groupid apache.poi Low
Product gradle artifactid poi Highest
Product pom description Apache POI - Java API To Access Microsoft Format Files Medium
Product file name poi High
Product Manifest Implementation-Title Apache POI High
Product Manifest specification-title Apache POI Medium
Product pom organization url http://www.apache.org/ Low
Product pom artifactid poi Highest
Product central artifactid poi Highest
Product pom name Apache POI High
Product pom organization name Apache Software Foundation Low
Product pom url http://poi.apache.org/ Medium
Product jar package name poi Low
Version pom version 3.17 Highest
Version file version 3.17 Highest
Version central version 3.17 Highest
Version Manifest Implementation-Version 3.17 High
shiro-core-1.4.0.jar
Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-core\1.4.0\6d05bd17e057fc12d278bb367c27f9cb0f3dc197\shiro-core-1.4.0.jar
MD5: 1268db1dcfc96e6ad1a297bda1e03eea
SHA1: 6d05bd17e057fc12d278bb367c27f9cb0f3dc197
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name shiro-core High
Vendor Manifest bundle-symbolicname org.apache.shiro.core Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid shiro-root Low
Vendor pom parent-groupid org.apache.shiro Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom groupid apache.shiro Highest
Vendor gradle groupid org.apache.shiro Highest
Vendor pom name Apache Shiro :: Core High
Vendor pom artifactid shiro-core Low
Vendor Manifest Implementation-Vendor-Id org.apache.shiro Medium
Vendor central groupid org.apache.shiro Highest
Product file name shiro-core High
Product Manifest bundle-symbolicname org.apache.shiro.core Medium
Product pom artifactid shiro-core Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Product pom parent-groupid org.apache.shiro Low
Product pom parent-artifactid shiro-root Medium
Product pom groupid apache.shiro Low
Product Manifest specification-title Apache Shiro :: Core Medium
Product central artifactid shiro-core Highest
Product Manifest bundle-docurl https://www.apache.org/ Low
Product Manifest Implementation-Title Apache Shiro :: Core High
Product Manifest Bundle-Name Apache Shiro :: Core Medium
Product gradle artifactid shiro-core Highest
Product pom name Apache Shiro :: Core High
Version file version 1.4.0 Highest
Version central version 1.4.0 Highest
Version Manifest Implementation-Version 1.4.0 High
Version pom version 1.4.0 Highest
tika-core-1.16.jar
Description: This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tika\tika-core\1.16\7b75cb2b65f6d014b6a3e4793835f5759168c34e\tika-core-1.16.jar
MD5: fba5e9c7dcab53acece0146387e9d49b
SHA1: 7b75cb2b65f6d014b6a3e4793835f5759168c34e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name tika-core High
Vendor central groupid org.apache.tika Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache.tika Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor manifest Bundle-Description This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API. Low
Vendor pom parent-groupid org.apache.tika Medium
Vendor gradle groupid org.apache.tika Highest
Vendor Manifest bundle-docurl http://tika.apache.org/ Low
Vendor pom url http://tika.apache.org/ Highest
Vendor pom organization name The Apache Software Foundation High
Vendor pom groupid apache.tika Highest
Vendor pom description This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API. Low
Vendor pom artifactid tika-core Low
Vendor pom name Apache Tika core High
Vendor pom organization url http://www.apache.org Medium
Vendor Manifest bundle-symbolicname org.apache.tika.core Medium
Vendor pom parent-artifactid tika-parent Low
Product pom url http://tika.apache.org/ Medium
Product central artifactid tika-core Highest
Product file name tika-core High
Product gradle artifactid tika-core Highest
Product manifest Bundle-Description This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API. Low
Product pom parent-groupid org.apache.tika Low
Product pom groupid apache.tika Low
Product Manifest bundle-docurl http://tika.apache.org/ Low
Product Manifest Bundle-Name Apache Tika core Medium
Product Manifest Implementation-Title Apache Tika core High
Product Manifest specification-title Apache Tika core Medium
Product pom artifactid tika-core Highest
Product pom description This is the core Apache Tika™ toolkit library from which all other modules inherit functionality. It also includes the core facades for the Tika API. Low
Product pom parent-artifactid tika-parent Medium
Product pom name Apache Tika core High
Product Manifest bundle-symbolicname org.apache.tika.core Medium
Product pom organization url http://www.apache.org Low
Product pom organization name The Apache Software Foundation Low
Version Manifest Implementation-Version 1.16 High
Version pom version 1.16 Highest
Version file version 1.16 Highest
Version central version 1.16 Highest
tika-parsers-1.16.jar
Description: Apache Tika is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tika\tika-parsers\1.16\bececafbe32c013eae8d3f3cf10d28b136a6f9d7\tika-parsers-1.16.jar
MD5: 09792354871d704ba970b056868ff4e4
SHA1: bececafbe32c013eae8d3f3cf10d28b136a6f9d7
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid tika-parsers Low
Vendor central groupid org.apache.tika Highest
Vendor file name tika-parsers High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache.tika Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-symbolicname org.apache.tika.parsers Medium
Vendor pom parent-groupid org.apache.tika Medium
Vendor gradle groupid org.apache.tika Highest
Vendor manifest Bundle-Description Apache Tika is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Low
Vendor Manifest bundle-docurl http://tika.apache.org/ Low
Vendor pom url http://tika.apache.org/ Highest
Vendor pom organization name The Apache Software Foundation High
Vendor pom groupid apache.tika Highest
Vendor pom organization url http://www.apache.org Medium
Vendor pom parent-artifactid tika-parent Low
Vendor pom name Apache Tika parsers High
Product pom url http://tika.apache.org/ Medium
Product gradle artifactid tika-parsers Highest
Product file name tika-parsers High
Product pom parent-groupid org.apache.tika Low
Product Manifest bundle-symbolicname org.apache.tika.parsers Medium
Product pom groupid apache.tika Low
Product Manifest specification-title Apache Tika parsers Medium
Product manifest Bundle-Description Apache Tika is a toolkit for detecting and extracting metadata and structured text content from various documents using existing parser libraries. Low
Product Manifest bundle-docurl http://tika.apache.org/ Low
Product pom artifactid tika-parsers Highest
Product central artifactid tika-parsers Highest
Product Manifest Implementation-Title Apache Tika parsers High
Product pom parent-artifactid tika-parent Medium
Product pom organization url http://www.apache.org Low
Product Manifest Bundle-Name Apache Tika parsers Medium
Product pom organization name The Apache Software Foundation Low
Product pom name Apache Tika parsers High
Version Manifest Implementation-Version 1.16 High
Version pom version 1.16 Highest
Version file version 1.16 Highest
Version central version 1.16 Highest
tomcat-catalina-ha-8.5.23.jar
Description: Tomcat High Availability Implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-catalina-ha\8.5.23\46e35742794a7a2e376b13301a75923e105a432e\tomcat-catalina-ha-8.5.23.jar
MD5: 4dca4b1e0536cf7e71787cbb63c19198
SHA1: 46e35742794a7a2e376b13301a75923e105a432e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor gradle groupid org.apache.tomcat Highest
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor jar package name catalina Low
Vendor central groupid org.apache.tomcat Highest
Vendor pom url http://tomcat.apache.org/ Highest
Vendor pom groupid apache.tomcat Highest
Vendor pom description Tomcat High Availability Implementation Medium
Vendor Manifest specification-vendor Apache Software Foundation Low
Vendor pom artifactid tomcat-catalina-ha Low
Vendor file name tomcat-catalina-ha High
Vendor jar package name ha Low
Product pom groupid apache.tomcat Low
Product pom artifactid tomcat-catalina-ha Highest
Product gradle artifactid tomcat-catalina-ha Highest
Product jar package name catalina Low
Product central artifactid tomcat-catalina-ha Highest
Product pom description Tomcat High Availability Implementation Medium
Product file name tomcat-catalina-ha High
Product Manifest Implementation-Title Apache Tomcat High
Product pom url http://tomcat.apache.org/ Medium
Product Manifest specification-title Apache Tomcat Medium
Product jar package name ha Low
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2016-6325
Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2017-6056
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
tomcat-catalina-8.5.23.jar
Description: Tomcat Servlet Engine Core Classes and Standard implementations
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-catalina\8.5.23\e27462065112496249740b3f06a99e52c62bcb7c\tomcat-catalina-8.5.23.jar
MD5: 0c7a50b5590d14a79be6e147a37122f9
SHA1: e27462065112496249740b3f06a99e52c62bcb7c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name tomcat-catalina High
Vendor jar package name apache Low
Vendor pom artifactid tomcat-catalina Low
Vendor pom description Tomcat Servlet Engine Core Classes and Standard implementations Medium
Vendor pom url http://tomcat.apache.org/ Highest
Vendor gradle groupid org.apache.tomcat Highest
Vendor pom groupid apache.tomcat Highest
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor jar package name catalina Low
Vendor Manifest specification-vendor Apache Software Foundation Low
Vendor central groupid org.apache.tomcat Highest
Product file name tomcat-catalina High
Product central artifactid tomcat-catalina Highest
Product pom description Tomcat Servlet Engine Core Classes and Standard implementations Medium
Product pom groupid apache.tomcat Low
Product jar package name catalina Low
Product gradle artifactid tomcat-catalina Highest
Product Manifest Implementation-Title Apache Tomcat High
Product pom url http://tomcat.apache.org/ Medium
Product Manifest specification-title Apache Tomcat Medium
Product pom artifactid tomcat-catalina Highest
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2016-6325
Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2017-6056
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
tomcat-jasper-8.5.23.jar
Description: Tomcats JSP Parser
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jasper\8.5.23\8b49bd183448deafddc3cb2892a8c05eb148139c\tomcat-jasper-8.5.23.jar
MD5: f36b78487e7a56b81cc9e53a3269a823
SHA1: 8b49bd183448deafddc3cb2892a8c05eb148139c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor jar package name jasper Low
Vendor gradle groupid org.apache.tomcat Highest
Vendor pom artifactid tomcat-jasper Low
Vendor file name tomcat-jasper High
Vendor jar package name compiler Low
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor central groupid org.apache.tomcat Highest
Vendor pom description Tomcats JSP Parser Medium
Vendor pom url http://tomcat.apache.org/ Highest
Vendor pom groupid apache.tomcat Highest
Vendor Manifest specification-vendor Apache Software Foundation Low
Product jar package name jasper Low
Product pom description Tomcats JSP Parser Medium
Product central artifactid tomcat-jasper Highest
Product file name tomcat-jasper High
Product jar package name compiler Low
Product pom groupid apache.tomcat Low
Product Manifest Implementation-Title Apache Tomcat High
Product pom artifactid tomcat-jasper Highest
Product pom url http://tomcat.apache.org/ Medium
Product gradle artifactid tomcat-jasper Highest
Product Manifest specification-title Apache Tomcat Medium
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2016-6325
Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2017-6056
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
tomcat-tribes-8.5.23.jar
Description: Tomcat Group Communication Package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-tribes\8.5.23\67ed5d09298ea4b311a01e684091790fd9a7c884\tomcat-tribes-8.5.23.jar
MD5: ffaeeef05d59e2acb671da1e6b8bca3f
SHA1: 67ed5d09298ea4b311a01e684091790fd9a7c884
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor file name tomcat-tribes High
Vendor pom artifactid tomcat-tribes Low
Vendor gradle groupid org.apache.tomcat Highest
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor jar package name catalina Low
Vendor jar package name tribes Low
Vendor central groupid org.apache.tomcat Highest
Vendor pom url http://tomcat.apache.org/ Highest
Vendor pom groupid apache.tomcat Highest
Vendor pom description Tomcat Group Communication Package Medium
Vendor Manifest specification-vendor Apache Software Foundation Low
Product file name tomcat-tribes High
Product central artifactid tomcat-tribes Highest
Product pom groupid apache.tomcat Low
Product pom description Tomcat Group Communication Package Medium
Product jar package name tribes Low
Product jar package name catalina Low
Product pom artifactid tomcat-tribes Highest
Product Manifest Implementation-Title Apache Tomcat High
Product pom url http://tomcat.apache.org/ Medium
Product gradle artifactid tomcat-tribes Highest
Product Manifest specification-title Apache Tomcat Medium
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2016-6325
Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2017-6056
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
fop-2.2.jar
Description: Apache FOP (Formatting Objects Processor) is the world's first print formatter driven by XSL formatting objects (XSL-FO) and the world's first output independent formatter. It is a Java application that reads a formatting object (FO) tree and renders the resulting pages to a specified output. Output formats currently supported include PDF, PCL, PS, AFP, TIFF, PNG, SVG, XML (area tree representation), Print, AWT and TXT. The primary output target is PDF.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\fop\2.2\cc8a8ae39d215425e1dbec5552c64074d0a54b7f\fop-2.2.jar
MD5: 9414a22118eef21c276debf81d955757
SHA1: cc8a8ae39d215425e1dbec5552c64074d0a54b7f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom artifactid fop Low
Vendor pom url http://xmlgraphics.apache.org/fop/ Highest
Vendor pom parent-groupid org.apache Medium
Vendor file name fop High
Vendor pom parent-artifactid apache Low
Vendor central groupid org.apache.xmlgraphics Highest
Vendor manifest: org/apache/fop/ Implementation-Vendor The Apache Software Foundation (http://xmlgraphics.apache.org/fop/) Medium
Vendor pom organization url http://www.apache.org/ Medium
Vendor pom description Apache FOP (Formatting Objects Processor) is the world's first print formatter driven by XSL formatting objects (XSL-FO) and the world's first output independent formatter. It is a Java application that reads a formatting object (FO) tree and renders the resulting pages to a specified output. Output formats currently supported include PDF, PCL, PS, AFP, TIFF, PNG, SVG, XML (area tree representation), Print, AWT and TXT. The primary output target is PDF. Low
Vendor pom name Apache FOP High
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom organization name Apache Software Foundation High
Vendor jar package name fop Low
Vendor gradle groupid org.apache.xmlgraphics Highest
Product gradle artifactid fop Highest
Product file name fop High
Product pom parent-artifactid apache Medium
Product pom description Apache FOP (Formatting Objects Processor) is the world's first print formatter driven by XSL formatting objects (XSL-FO) and the world's first output independent formatter. It is a Java application that reads a formatting object (FO) tree and renders the resulting pages to a specified output. Output formats currently supported include PDF, PCL, PS, AFP, TIFF, PNG, SVG, XML (area tree representation), Print, AWT and TXT. The primary output target is PDF. Low
Product pom name Apache FOP High
Product jar package name fop Low
Product pom organization url http://www.apache.org/ Low
Product manifest: org/apache/fop/ Implementation-Title Apache FOP Medium
Product pom organization name Apache Software Foundation Low
Product pom artifactid fop Highest
Product pom parent-groupid org.apache Low
Product pom url http://xmlgraphics.apache.org/fop/ Medium
Product manifest: org/apache/fop/ Specification-Title XSL-FO - Extensible Stylesheet Language Medium
Product central artifactid fop Highest
Product pom groupid apache.xmlgraphics Low
Version pom version 2.2 Highest
Version file version 2.2 Highest
Version central version 2.2 Highest
xmlrpc-client-3.1.3.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlrpc\xmlrpc-client\3.1.3\e486ad917028b52265610206fb5a1e2b5914b94b\xmlrpc-client-3.1.3.jar
MD5: e304ace736f9812b950f69788bb38a9d
SHA1: e486ad917028b52265610206fb5a1e2b5914b94b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid xmlrpc-client Low
Vendor file name xmlrpc-client High
Vendor gradle groupid org.apache.xmlrpc Highest
Vendor Manifest specification-vendor UserLand Software, Inc. Low
Vendor pom groupid apache.xmlrpc Highest
Vendor pom parent-groupid org.apache.xmlrpc Medium
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor Manifest extension-name org.apache.xmlrpc.client Medium
Vendor central groupid org.apache.xmlrpc Highest
Vendor pom name Apache XML-RPC Client Library High
Vendor pom parent-artifactid xmlrpc Low
Product Manifest specification-title XML-RPC Medium
Product Manifest extension-name org.apache.xmlrpc.client Medium
Product pom parent-groupid org.apache.xmlrpc Low
Product file name xmlrpc-client High
Product pom name Apache XML-RPC Client Library High
Product pom artifactid xmlrpc-client Highest
Product gradle artifactid xmlrpc-client Highest
Product pom groupid apache.xmlrpc Low
Product pom parent-artifactid xmlrpc Medium
Product central artifactid xmlrpc-client Highest
Version central version 3.1.3 Highest
Version pom version 3.1.3 Highest
Version file version 3.1.3 Highest
Version Manifest Implementation-Version 3.1.3 High
Published Vulnerabilities
CVE-2016-5002
Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
Vulnerable Software & Versions:
xmlrpc-server-3.1.3.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlrpc\xmlrpc-server\3.1.3\e4ddf1852cb162139230ef733223633e362cf301\xmlrpc-server-3.1.3.jar
MD5: e83289e85123bbe87cd162a9f871439a
SHA1: e4ddf1852cb162139230ef733223633e362cf301
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Apache XML-RPC Server Library High
Vendor gradle groupid org.apache.xmlrpc Highest
Vendor Manifest extension-name org.apache.xmlrpc.server Medium
Vendor Manifest specification-vendor UserLand Software, Inc. Low
Vendor pom groupid apache.xmlrpc Highest
Vendor pom parent-groupid org.apache.xmlrpc Medium
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor central groupid org.apache.xmlrpc Highest
Vendor pom artifactid xmlrpc-server Low
Vendor file name xmlrpc-server High
Vendor pom parent-artifactid xmlrpc Low
Product Manifest specification-title XML-RPC Medium
Product pom parent-groupid org.apache.xmlrpc Low
Product pom artifactid xmlrpc-server Highest
Product gradle artifactid xmlrpc-server Highest
Product pom name Apache XML-RPC Server Library High
Product central artifactid xmlrpc-server Highest
Product Manifest extension-name org.apache.xmlrpc.server Medium
Product file name xmlrpc-server High
Product pom groupid apache.xmlrpc Low
Product pom parent-artifactid xmlrpc Medium
Version central version 3.1.3 Highest
Version pom version 3.1.3 Highest
Version file version 3.1.3 Highest
Version Manifest Implementation-Version 3.1.3 High
Published Vulnerabilities
CVE-2016-5002
Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
Vulnerable Software & Versions:
groovy-all-2.4.12.jar
Description: Groovy: A powerful, dynamic language for the JVM
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.groovy\groovy-all\2.4.12\760afc568cbd94c09d78f801ce51aed1326710af\groovy-all-2.4.12.jar
MD5: dddb0b3d3619875fa1c538c743ae8f99
SHA1: 760afc568cbd94c09d78f801ce51aed1326710af
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest originally-created-by 1.8.0_131-b11 (Oracle Corporation) Low
Vendor gradle groupid org.codehaus.groovy Highest
Vendor Manifest bundle-symbolicname groovy-all Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom organization url http://groovy-lang.org Medium
Vendor manifest Bundle-Description Groovy Runtime Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom name Apache Groovy High
Vendor pom organization name Apache Software Foundation High
Vendor jar package name codehaus Low
Vendor pom groupid codehaus.groovy Highest
Vendor file name groovy-all High
Vendor pom url http://groovy-lang.org Highest
Vendor jar package name groovy Low
Vendor pom description Groovy: A powerful, dynamic language for the JVM Medium
Vendor central groupid org.codehaus.groovy Highest
Vendor Manifest extension-name groovy Medium
Vendor pom artifactid groovy-all Low
Product Manifest originally-created-by 1.8.0_131-b11 (Oracle Corporation) Low
Product pom artifactid groovy-all Highest
Product pom url http://groovy-lang.org Medium
Product Manifest bundle-symbolicname groovy-all Medium
Product pom organization url http://groovy-lang.org Low
Product central artifactid groovy-all Highest
Product manifest Bundle-Description Groovy Runtime Medium
Product pom name Apache Groovy High
Product Manifest specification-title Groovy: a powerful, dynamic language for the JVM Medium
Product Manifest Implementation-Title Groovy: a powerful, dynamic language for the JVM High
Product file name groovy-all High
Product jar package name groovy Low
Product pom description Groovy: A powerful, dynamic language for the JVM Medium
Product Manifest Bundle-Name Groovy Runtime Medium
Product gradle artifactid groovy-all Highest
Product pom organization name Apache Software Foundation Low
Product Manifest extension-name groovy Medium
Product pom groupid codehaus.groovy Low
Version Manifest Implementation-Version 2.4.12 High
Version pom version 2.4.12 Highest
Version central version 2.4.12 Highest
Version file version 2.4.12 Highest
Published Vulnerabilities
CVE-2016-6497
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
Vulnerable Software & Versions:
freemarker-2.3.26-incubating.jar
Description:
FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.freemarker\freemarker\2.3.26-incubating\713237e013f725b72f4f9ec931a49c14b1805359\freemarker-2.3.26-incubating.jar
MD5: cbb030d58da59a3c597b65cec837c37e
SHA1: 713237e013f725b72f4f9ec931a49c14b1805359
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid freemarker Highest
Vendor Manifest specification-vendor freemarker.org Low
Vendor Manifest bundle-symbolicname org.freemarker.freemarker Medium
Vendor Manifest extension-name FreeMarker Medium
Vendor Manifest tstamp 2105 Low
Vendor pom description FreeMarker is a "template engine"; a generic tool to generate text output based on templates. Low
Vendor pom parent-groupid org.apache Medium
Vendor pom name Apache FreeMarker High
Vendor pom parent-artifactid apache Low
Vendor pom url http://freemarker.org/ Highest
Vendor jar package name freemarker Low
Vendor pom artifactid freemarker Low
Vendor file name freemarker High
Vendor pom organization name Apache Software Foundation High
Vendor Manifest dstamp 20170315 Low
Vendor gradle groupid org.freemarker Highest
Vendor Manifest Implementation-Vendor freemarker.org High
Vendor pom organization url http://apache.org Medium
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low
Vendor Manifest today March 15 2017 Low
Vendor central groupid org.freemarker Highest
Product Manifest Bundle-Name org.freemarker.freemarker Medium
Product Manifest bundle-symbolicname org.freemarker.freemarker Medium
Product Manifest extension-name FreeMarker Medium
Product Manifest tstamp 2105 Low
Product pom description FreeMarker is a "template engine"; a generic tool to generate text output based on templates. Low
Product pom name Apache FreeMarker High
Product gradle artifactid freemarker Highest
Product pom parent-artifactid apache Medium
Product file name freemarker High
Product pom organization url http://apache.org Low
Product Manifest specification-title FreeMarker Medium
Product Manifest dstamp 20170315 Low
Product pom groupid freemarker Low
Product pom artifactid freemarker Highest
Product pom organization name Apache Software Foundation Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8, JavaSE-1.7, JavaSE-1.6, J2SE-1.5 Low
Product Manifest Implementation-Title FreeMarker High
Product Manifest today March 15 2017 Low
Product pom parent-groupid org.apache Low
Product pom url http://freemarker.org/ Medium
Product central artifactid freemarker Highest
Version file version 2.3.26 Highest
Version pom version 2.3.26-incubating Highest
Version Manifest Implementation-Version 2.3.26 High
Version central version 2.3.26-incubating Highest
hamcrest-all-1.3.jar
Description:
QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hamcrest\hamcrest-all\1.3\63a21ebc981131004ad02e0434e799fd7f3a8d5a\hamcrest-all-1.3.jar
MD5: ae5102286b5720dd286d6b606cb891e2
SHA1: 63a21ebc981131004ad02e0434e799fd7f3a8d5a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools. Low
Vendor gradle groupid org.hamcrest Highest
Vendor pom url http://qdox.codehaus.org Highest
Vendor pom groupid thoughtworks.qdox Highest
Vendor central groupid org.hamcrest Highest
Vendor pom name QDox High
Vendor Manifest built-date 2012-07-09 19:49:34 Low
Vendor file name hamcrest-all High
Vendor Manifest Implementation-Vendor hamcrest.org High
Vendor pom artifactid qdox Low
Product pom artifactid qdox Highest
Product pom description QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools. Low
Product pom groupid thoughtworks.qdox Low
Product pom url http://qdox.codehaus.org Medium
Product central artifactid hamcrest-all Highest
Product gradle artifactid hamcrest-all Highest
Product Manifest Implementation-Title hamcrest-all High
Product pom name QDox High
Product Manifest built-date 2012-07-09 19:49:34 Low
Product file name hamcrest-all High
Version file version 1.3 Highest
Version pom version 1.12 Highest
Version Manifest Implementation-Version 1.3 High
Version central version 1.3 Highest
esapi-2.1.0.1.jar
Description: The Enterprise Security API (ESAPI) project is an OWASP project
to create simple strong security controls for every web platform.
Security controls are not simple to build. You can read about the
hundreds of pitfalls for unwary developers on the OWASP web site. By
providing developers with a set of strong controls, we aim to
eliminate some of the complexity of creating secure web applications.
This can result in significant cost savings across the SDLC.
License:
BSD: http://www.opensource.org/licenses/bsd-license.php
Creative Commons 3.0 BY-SA: http://creativecommons.org/licenses/by-sa/3.0/
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.owasp.esapi\esapi\2.1.0.1\8d35e0bad77067b534664cb408493136e086aae1\esapi-2.1.0.1.jar
MD5: 56b5519a2f8e3448d6b942bc87606a2e
SHA1: 8d35e0bad77067b534664cb408493136e086aae1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name esapi High
Vendor Manifest Implementation-Vendor The Open Web Application Security Project (OWASP) High
Vendor pom artifactid esapi Low
Vendor pom name ESAPI High
Vendor pom url https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Highest
Vendor pom organization name The Open Web Application Security Project (OWASP) High
Vendor gradle groupid org.owasp.esapi Highest
Vendor pom description The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC. Low
Vendor pom groupid owasp.esapi Highest
Vendor Manifest specification-vendor The Open Web Application Security Project (OWASP) Low
Vendor central groupid org.owasp.esapi Highest
Vendor Manifest Implementation-Vendor-Id org.owasp.esapi Medium
Vendor pom organization url http://www.owasp.org/index.php Medium
Product file name esapi High
Product pom url https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API Medium
Product pom organization name The Open Web Application Security Project (OWASP) Low
Product central artifactid esapi Highest
Product pom name ESAPI High
Product gradle artifactid esapi Highest
Product pom organization url http://www.owasp.org/index.php Low
Product pom description The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC. Low
Product pom groupid owasp.esapi Low
Product Manifest Implementation-Title ESAPI High
Product Manifest specification-title ESAPI Medium
Product pom artifactid esapi Highest
Version central version 2.1.0.1 Highest
Version file version 2.1.0.1 Highest
Version pom version 2.1.0.1 Highest
Version Manifest Implementation-Version 2.1.0.1 High
spring-test-4.2.3.RELEASE.jar
Description: Spring TestContext Framework
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-test\4.2.3.RELEASE\d7c055b8fb1117ef75045679892228a4816cd80e\spring-test-4.2.3.RELEASE.jar
MD5: 4ec65b45ae6c51ba549b04f1d75aac7c
SHA1: d7c055b8fb1117ef75045679892228a4816cd80e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name spring-test High
Vendor hint analyzer vendor pivotal software High
Vendor hint analyzer vendor SpringSource High
Vendor jar package name springframework Low
Vendor pom groupid springframework Highest
Vendor pom url spring-projects/spring-framework Highest
Vendor hint analyzer vendor vmware High
Vendor pom artifactid spring-test Low
Vendor pom description Spring TestContext Framework Medium
Vendor pom name Spring TestContext Framework High
Vendor jar package name test Low
Vendor central groupid org.springframework Highest
Vendor pom organization url http://projects.spring.io/spring-framework Medium
Vendor jar package name web Low
Vendor pom organization name Spring IO High
Vendor gradle groupid org.springframework Highest
Product file name spring-test High
Product gradle artifactid spring-test Highest
Product pom description Spring TestContext Framework Medium
Product pom name Spring TestContext Framework High
Product Manifest Implementation-Title spring-test High
Product jar package name test Low
Product pom artifactid spring-test Highest
Product pom url spring-projects/spring-framework High
Product jar package name web Low
Product pom groupid springframework Low
Product hint analyzer product springsource_spring_framework High
Product pom organization name Spring IO Low
Product central artifactid spring-test Highest
Product pom organization url http://projects.spring.io/spring-framework Low
Version central version 4.2.3.RELEASE Highest
Version Manifest Implementation-Version 4.2.3.RELEASE High
Version pom version 4.2.3.RELEASE Highest
Published Vulnerabilities
CVE-2016-5007
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
Vulnerable Software & Versions:
CVE-2016-9878
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Vulnerable Software & Versions:
jackson-databind-java-optional-2.6.1.jar
Description: Jackson Databind module for serializing and deserializing Java 8 java.util.Option objects.
This tool is forked from original source created by @realjenius
License:
Apache License, Version 2.0: license.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.zapodot\jackson-databind-java-optional\2.6.1\c323ff3dcd35ec5e059f709bb21172dfd958bb5b\jackson-databind-java-optional-2.6.1.jar
MD5: 06e9eba92ae613c3a8ad6cf11618ecc0
SHA1: c323ff3dcd35ec5e059f709bb21172dfd958bb5b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.zapodot Highest
Vendor pom description Jackson Databind module for serializing and deserializing Java 8 java.util.Option objects. This tool is forked from original source created by @realjenius Low
Vendor pom artifactid jackson-databind-java-optional Low
Vendor pom url zapodot/jackson-databind-java-optional Highest
Vendor gradle groupid org.zapodot Highest
Vendor Manifest bundle-symbolicname org.zapodot.jackson-databind-java-optional Medium
Vendor file name jackson-databind-java-optional High
Vendor manifest Bundle-Description Jackson Databind module for serializing and deserializing Java 8 java.util.Option objects. This tool is forked from original source created by @realjenius Low
Vendor pom groupid zapodot Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom name Jackson Databind Module for Java 8 Optional High
Product central artifactid jackson-databind-java-optional Highest
Product pom description Jackson Databind module for serializing and deserializing Java 8 java.util.Option objects. This tool is forked from original source created by @realjenius Low
Product pom artifactid jackson-databind-java-optional Highest
Product pom url zapodot/jackson-databind-java-optional High
Product gradle artifactid jackson-databind-java-optional Highest
Product Manifest bundle-symbolicname org.zapodot.jackson-databind-java-optional Medium
Product file name jackson-databind-java-optional High
Product manifest Bundle-Description Jackson Databind module for serializing and deserializing Java 8 java.util.Option objects. This tool is forked from original source created by @realjenius Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product Manifest Bundle-Name Jackson Databind Module for Java 8 Optional Medium
Product pom groupid zapodot Low
Product pom name Jackson Databind Module for Java 8 Optional High
Version pom version 2.6.1 Highest
Version central version 2.6.1 Highest
Version file version 2.6.1 Highest
oro-2.0.8.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\oro\oro\2.0.8\5592374f834645c4ae250f4c9fbb314c9369d698\oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid oro Highest
Vendor file name oro High
Vendor jar package name apache Low
Vendor jar package name text Low
Vendor gradle groupid oro Highest
Vendor pom groupid oro Highest
Vendor pom artifactid oro Low
Vendor jar package name oro Low
Vendor manifest: org/apache/oro Implementation-Vendor Apache Software Foundation Medium
Product file name oro High
Product manifest: org/apache/oro Specification-Title Jakarta ORO Medium
Product jar package name text Low
Product manifest: org/apache/oro Implementation-Title org.apache.oro Medium
Product jar package name oro Low
Product central artifactid oro Highest
Product pom groupid oro Low
Product gradle artifactid oro Highest
Product pom artifactid oro Highest
Version central version 2.0.8 Highest
Version pom version 2.0.8 Highest
Version file version 2.0.8 Highest
wsdl4j-1.6.3.jar
Description: Java stub generator for WSDL
License:
CPL: http://www.opensource.org/licenses/cpl1.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\wsdl4j\wsdl4j\1.6.3\6d106a6845a3d3477a1560008479312888e94f2f\wsdl4j-1.6.3.jar
MD5: cfc28d89625c5e88589aec7a9aee0208
SHA1: 6d106a6845a3d3477a1560008479312888e94f2f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name wsdl Low
Vendor pom description Java stub generator for WSDL Medium
Vendor jar package name extensions Low
Vendor jar package name ibm Low
Vendor central groupid wsdl4j Highest
Vendor pom groupid wsdl4j Highest
Vendor pom artifactid wsdl4j Low
Vendor file name wsdl4j High
Vendor pom url http://sf.net/projects/wsdl4j Highest
Vendor Manifest Implementation-Vendor IBM High
Vendor gradle groupid wsdl4j Highest
Vendor Manifest specification-vendor IBM (Java Community Process) Low
Vendor pom name WSDL4J High
Product jar package name wsdl Low
Product pom artifactid wsdl4j Highest
Product pom description Java stub generator for WSDL Medium
Product jar package name extensions Low
Product central artifactid wsdl4j Highest
Product Manifest Implementation-Title WSDL4J High
Product pom url http://sf.net/projects/wsdl4j Medium
Product gradle artifactid wsdl4j Highest
Product file name wsdl4j High
Product Manifest specification-title JWSDL Medium
Product pom groupid wsdl4j Low
Product pom name WSDL4J High
Version file version 1.6.3 Highest
Version central version 1.6.3 Highest
Version Manifest Implementation-Version 1.6.3 High
Version pom version 1.6.3 Highest
jjwt-0.9.0.jar
Description: Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.jsonwebtoken\jjwt\0.9.0\64e3ed8a5f0bc93ecea592a0b3280f995efbdfe9\jjwt-0.9.0.jar
MD5: 7b1e13236ec27cdb6fde77d4abd89f0c
SHA1: 64e3ed8a5f0bc93ecea592a0b3280f995efbdfe9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname io.jsonwebtoken.jjwt Medium
Vendor pom artifactid jjwt Low
Vendor gradle groupid io.jsonwebtoken Highest
Vendor manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Vendor pom groupid io.jsonwebtoken Highest
Vendor central groupid io.jsonwebtoken Highest
Vendor Manifest Implementation-Vendor-Id io.jsonwebtoken Medium
Vendor pom name JSON Web Token support for the JVM High
Vendor file name jjwt High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor Manifest implementation-url http://nexus.sonatype.org/oss-repository-hosting.html/jjwt Low
Product gradle artifactid jjwt Highest
Product Manifest Bundle-Name JSON Web Token support for the JVM Medium
Product file name jjwt High
Product Manifest implementation-url http://nexus.sonatype.org/oss-repository-hosting.html/jjwt Low
Product Manifest bundle-symbolicname io.jsonwebtoken.jjwt Medium
Product pom artifactid jjwt Highest
Product manifest Bundle-Description Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/ Medium
Product pom name JSON Web Token support for the JVM High
Product pom groupid io.jsonwebtoken Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product central artifactid jjwt Highest
Product Manifest Implementation-Title JSON Web Token support for the JVM High
Product Manifest specification-title JSON Web Token support for the JVM Medium
Version central version 0.9.0 Highest
Version file version 0.9.0 Highest
Version pom version 0.9.0 Highest
Version Manifest Implementation-Version 0.9.0 High
jsoup-1.8.3.jar
Description: jsoup HTML parser
License:
The MIT License: http://jsoup.org/license
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jsoup\jsoup\1.8.3\65fd012581ded67bc20945d85c32b4598c3a9cf1\jsoup-1.8.3.jar
MD5: 80adb5b301ed840a4b6db97abc02a8b0
SHA1: 65fd012581ded67bc20945d85c32b4598c3a9cf1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name jsoup High
Vendor pom name jsoup High
Vendor pom artifactid jsoup Low
Vendor pom organization url http://jonathanhedley.com/ Medium
Vendor Manifest bundle-symbolicname org.jsoup Medium
Vendor central groupid org.jsoup Highest
Vendor pom url http://jsoup.org/ Highest
Vendor pom groupid jsoup Highest
Vendor gradle groupid org.jsoup Highest
Vendor Manifest bundle-docurl http://jsoup.org/ Low
Vendor pom description jsoup HTML parser Medium
Vendor manifest Bundle-Description jsoup HTML parser Medium
Vendor Manifest originally-created-by 1.8.0_25 (Oracle Corporation) Low
Vendor pom organization name Jonathan Hedley High
Product file name jsoup High
Product pom name jsoup High
Product pom organization name Jonathan Hedley Low
Product central artifactid jsoup Highest
Product pom url http://jsoup.org/ Medium
Product Manifest bundle-symbolicname org.jsoup Medium
Product pom organization url http://jonathanhedley.com/ Low
Product gradle artifactid jsoup Highest
Product pom groupid jsoup Low
Product Manifest Bundle-Name jsoup Medium
Product Manifest bundle-docurl http://jsoup.org/ Low
Product pom description jsoup HTML parser Medium
Product manifest Bundle-Description jsoup HTML parser Medium
Product Manifest originally-created-by 1.8.0_25 (Oracle Corporation) Low
Product pom artifactid jsoup Highest
Version pom version 1.8.3 Highest
Version file version 1.8.3 Highest
Version central version 1.8.3 Highest
Published Vulnerabilities
CVE-2015-6748
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
Vulnerable Software & Versions:
itextpdf-5.5.6.jar
Description: iText, a free Java-PDF library
License:
GNU Affero General Public License v3: http://www.fsf.org/licensing/licenses/agpl-3.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.itextpdf\itextpdf\5.5.6\19448fdba5df68602aed364b86fd14d89c07a66e\itextpdf-5.5.6.jar
MD5: ce105599cd1ae696a04d14dd8f9de5a7
SHA1: 19448fdba5df68602aed364b86fd14d89c07a66e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid com.itextpdf Highest
Vendor manifest Bundle-Description iText, a free Java-PDF library Medium
Vendor Manifest implementation-build ${buildNumber} Low
Vendor Manifest bundle-symbolicname com.itextpdf Medium
Vendor Manifest Implementation-Vendor-Id com.itextpdf Medium
Vendor pom url http://itextpdf.com Highest
Vendor pom parent-artifactid itext-parent Low
Vendor pom parent-groupid com.itextpdf Medium
Vendor pom artifactid itextpdf Low
Vendor pom name iText, a Free Java-PDF library High
Vendor pom description iText, a free Java-PDF library Medium
Vendor central groupid com.itextpdf Highest
Vendor pom groupid itextpdf Highest
Vendor file name itextpdf High
Product pom url http://itextpdf.com Medium
Product manifest Bundle-Description iText, a free Java-PDF library Medium
Product pom artifactid itextpdf Highest
Product Manifest Bundle-Name iText, a Free Java-PDF library Medium
Product Manifest implementation-build ${buildNumber} Low
Product pom groupid itextpdf Low
Product Manifest bundle-symbolicname com.itextpdf Medium
Product pom parent-groupid com.itextpdf Low
Product central artifactid itextpdf Highest
Product Manifest Implementation-Title iText, a Free Java-PDF library High
Product pom parent-artifactid itext-parent Medium
Product gradle artifactid itextpdf Highest
Product pom name iText, a Free Java-PDF library High
Product pom description iText, a free Java-PDF library Medium
Product file name itextpdf High
Version Manifest Implementation-Version 5.5.6 High
Version file version 5.5.6 Highest
Version central version 5.5.6 Highest
Version pom version 5.5.6 Highest
activation-1.1.jar
Description:
JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).
License:
Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.activation\activation\1.1\e6cb541461c2834bdea3eb920f1884d1eb508b50\activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor jar package name javax Low
Vendor Manifest Implementation-Vendor-Id com.sun Medium
Vendor pom groupid javax.activation Highest
Vendor central groupid javax.activation Highest
Vendor gradle groupid javax.activation Highest
Vendor Manifest extension-name javax.activation Medium
Vendor file name activation High
Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High
Vendor jar package name activation Low
Vendor pom url http://java.sun.com/products/javabeans/jaf/index.jsp Highest
Vendor pom description JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s). Low
Vendor pom artifactid activation Low
Vendor pom name JavaBeans Activation Framework (JAF) High
Product file name activation High
Product jar package name activation Low
Product pom url http://java.sun.com/products/javabeans/jaf/index.jsp Medium
Product pom description JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s). Low
Product pom groupid javax.activation Low
Product Manifest specification-title JavaBeans(TM) Activation Framework Specification Medium
Product central artifactid activation Highest
Product pom artifactid activation Highest
Product gradle artifactid activation Highest
Product Manifest extension-name javax.activation Medium
Product pom name JavaBeans Activation Framework (JAF) High
Version file version 1.1 Highest
Version central version 1.1 Highest
Version pom version 1.1 Highest
Version Manifest Implementation-Version 1.1 High
com.springsource.org.jdom-1.0.0.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jdom\com.springsource.org.jdom\1.0.0\32e7389479349a9d30cab805d83486b1e865aeaa\com.springsource.org.jdom-1.0.0.jar
MD5: 9741e6528d37b38ac5c953f3d1892aa4
SHA1: 32e7389479349a9d30cab805d83486b1e865aeaa
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name com.springsource.org.jdom High
Vendor gradle groupid org.jdom Highest
Vendor jar package name jdom Low
Vendor Manifest bundle-symbolicname com.springsource.org.jdom Medium
Product file name com.springsource.org.jdom High
Product Manifest Bundle-Name JDOM DOM Processor Medium
Product gradle artifactid com.springsource.org.jdom Highest
Product Manifest bundle-symbolicname com.springsource.org.jdom Medium
Version file version 1.0.0 Highest
Version file name com.springsource.org.jdom Medium
Version gradle version 1.0.0 Highest
Version Manifest Bundle-Version 1.0.0 High
maven: org.jdom:com.springsource.org.jdom:1.0.0
Confidence: Highest
xmlpull-1.1.3.1.jar
License:
Public Domain: http://www.xmlpull.org/v1/download/unpacked/LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\xmlpull\xmlpull\1.1.3.1\2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa\xmlpull-1.1.3.1.jar
MD5: cc57dacc720eca721a50e78934b822d2
SHA1: 2b8e230d2ab644e4ecaa94db7cdedbc40c805dfa
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid xmlpull Highest
Vendor pom url http://www.xmlpull.org Highest
Vendor file name xmlpull High
Vendor jar package name v1 Low
Vendor gradle groupid xmlpull Highest
Vendor pom artifactid xmlpull Low
Vendor pom name XML Pull Parsing API High
Vendor jar package name xmlpull Low
Vendor central groupid xmlpull Highest
Product file name xmlpull High
Product central artifactid xmlpull Highest
Product jar package name v1 Low
Product pom url http://www.xmlpull.org Medium
Product gradle artifactid xmlpull Highest
Product pom artifactid xmlpull Highest
Product pom name XML Pull Parsing API High
Product pom groupid xmlpull Low
Version central version 1.1.3.1 Highest
Version pom version 1.1.3.1 Highest
Version file version 1.1.3.1 Highest
xpp3_min-1.1.4c.jar
Description: MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs such as Hotspot in JDK 1.4+.
License:
Indiana University Extreme! Lab Software License, vesion 1.1.1: http://www.extreme.indiana.edu/viewcvs/~checkout~/XPP3/java/LICENSE.txt
Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: Z:\Gradle\caches\modules-2\files-2.1\xpp3\xpp3_min\1.1.4c\19d4e90b43059058f6e056f794f0ea4030d60b86\xpp3_min-1.1.4c.jar
MD5: dcd95bcb84b09897b2b66d4684c040da
SHA1: 19d4e90b43059058f6e056f794f0ea4030d60b86
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid xpp3 Highest
Vendor pom organization name Extreme! Lab, Indiana University High
Vendor file name xpp3_min High
Vendor jar package name v1 Low
Vendor pom artifactid xpp3_min Low
Vendor central groupid xpp3 Highest
Vendor pom groupid xpp3 Highest
Vendor pom description MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs ... Low
Vendor pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Highest
Vendor pom organization url http://www.extreme.indiana.edu/ Medium
Vendor jar package name xmlpull Low
Vendor pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High
Product pom groupid xpp3 Low
Product file name xpp3_min High
Product jar package name v1 Low
Product pom organization name Extreme! Lab, Indiana University Low
Product pom artifactid xpp3_min Highest
Product pom description MXP1 is a stable XmlPull parsing engine that is based on ideas from XPP and in particular XPP2 but completely revised and rewritten to take the best advantage of latest JIT JVMs ... Low
Product gradle artifactid xpp3_min Highest
Product pom organization url http://www.extreme.indiana.edu/ Low
Product pom name MXP1: Xml Pull Parser 3rd Edition (XPP3) High
Product pom url http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/ Medium
Product central artifactid xpp3_min Highest
Version file version 1.1.4c Highest
Version central version 1.1.4c Highest
Version pom version 1.1.4c Highest
commons-digester-1.8.1.jar
Description:
The Digester package lets you configure an XML to Java object mapping module
which triggers certain actions called rules whenever a particular
pattern of nested XML elements is recognized.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-digester\commons-digester\1.8.1\3dec9b9c7ea9342d4dbe8c38560080d85b44a015\commons-digester-1.8.1.jar
MD5: 5002ecf033f5a79e398155823badb36a
SHA1: 3dec9b9c7ea9342d4dbe8c38560080d85b44a015
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid commons-digester Highest
Vendor file name commons-digester High
Vendor Manifest bundle-symbolicname org.apache.commons.digester Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom url http://commons.apache.org/digester/ Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom description The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. Low
Vendor Manifest bundle-docurl http://commons.apache.org/digester/ Low
Vendor pom name Commons Digester High
Vendor central groupid commons-digester Highest
Vendor pom parent-artifactid commons-parent Low
Vendor pom artifactid commons-digester Low
Vendor pom groupid commons-digester Highest
Vendor manifest Bundle-Description The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. Low
Product pom parent-groupid org.apache.commons Low
Product Manifest Bundle-Name Commons Digester Medium
Product pom groupid commons-digester Low
Product file name commons-digester High
Product Manifest Implementation-Title Commons Digester High
Product pom url http://commons.apache.org/digester/ Medium
Product Manifest bundle-symbolicname org.apache.commons.digester Medium
Product gradle artifactid commons-digester Highest
Product central artifactid commons-digester Highest
Product pom description The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. Low
Product pom parent-artifactid commons-parent Medium
Product Manifest bundle-docurl http://commons.apache.org/digester/ Low
Product pom name Commons Digester High
Product pom artifactid commons-digester Highest
Product Manifest specification-title Commons Digester Medium
Product manifest Bundle-Description The Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. Low
Version pom version 1.8.1 Highest
Version file version 1.8.1 Highest
Version Manifest Implementation-Version 1.8.1 High
Version central version 1.8.1 Highest
commons-logging-1.2.jar
Description: Apache Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-logging\commons-logging\1.2\4bfc12adfe4842bf07b657f0369c4cb522955686\commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid commons-logging Low
Vendor pom name Apache Commons Logging High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low
Vendor file name commons-logging High
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor gradle groupid commons-logging Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium
Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest
Vendor manifest Bundle-Description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low
Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low
Vendor pom parent-artifactid commons-parent Low
Vendor central groupid commons-logging Highest
Vendor pom groupid commons-logging Highest
Product gradle artifactid commons-logging Highest
Product pom url http://commons.apache.org/proper/commons-logging/ Medium
Product pom parent-groupid org.apache.commons Low
Product pom name Apache Commons Logging High
Product pom description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low
Product file name commons-logging High
Product Manifest specification-title Apache Commons Logging Medium
Product pom groupid commons-logging Low
Product Manifest bundle-symbolicname org.apache.commons.logging Medium
Product central artifactid commons-logging Highest
Product Manifest Implementation-Title Apache Commons Logging High
Product manifest Bundle-Description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low
Product pom artifactid commons-logging Highest
Product pom parent-artifactid commons-parent Medium
Product Manifest Bundle-Name Apache Commons Logging Medium
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low
Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low
Version central version 1.2 Highest
Version file version 1.2 Highest
Version pom version 1.2 Highest
Version Manifest Implementation-Version 1.2 High
commons-collections-3.2.2.jar
Description: Types that extend and augment the Java Collections Framework.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-collections\commons-collections\3.2.2\8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5\commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid commons-collections Highest
Vendor Manifest bundle-symbolicname org.apache.commons.collections Medium
Vendor pom name Apache Commons Collections High
Vendor Manifest implementation-url http://commons.apache.org/collections/ Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom description Types that extend and augment the Java Collections Framework. Medium
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-docurl http://commons.apache.org/collections/ Low
Vendor pom groupid commons-collections Highest
Vendor central groupid commons-collections Highest
Vendor manifest Bundle-Description Types that extend and augment the Java Collections Framework. Medium
Vendor pom parent-artifactid commons-parent Low
Vendor pom url http://commons.apache.org/collections/ Highest
Vendor pom artifactid commons-collections Low
Vendor file name commons-collections High
Product Manifest specification-title Apache Commons Collections Medium
Product pom parent-groupid org.apache.commons Low
Product pom url http://commons.apache.org/collections/ Medium
Product Manifest bundle-symbolicname org.apache.commons.collections Medium
Product central artifactid commons-collections Highest
Product pom name Apache Commons Collections High
Product Manifest implementation-url http://commons.apache.org/collections/ Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" Low
Product pom groupid commons-collections Low
Product pom description Types that extend and augment the Java Collections Framework. Medium
Product Manifest implementation-build tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 Low
Product Manifest Implementation-Title Apache Commons Collections High
Product Manifest Bundle-Name Apache Commons Collections Medium
Product pom artifactid commons-collections Highest
Product pom parent-artifactid commons-parent Medium
Product Manifest bundle-docurl http://commons.apache.org/collections/ Low
Product manifest Bundle-Description Types that extend and augment the Java Collections Framework. Medium
Product gradle artifactid commons-collections Highest
Product file name commons-collections High
Version central version 3.2.2 Highest
Version file version 3.2.2 Highest
Version pom version 3.2.2 Highest
Version Manifest Implementation-Version 3.2.2 High
junit-4.11.jar
Description:
JUnit is a regression testing framework written by Erich Gamma and Kent Beck.
It is used by the developer who implements unit tests in Java.
License:
Common Public License Version 1.0: http://www.opensource.org/licenses/cpl1.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\junit\junit\4.11\4e031bb61df09069aeb2bffb4019e7a5034a4ee0\junit-4.11.jar
MD5: 3c42be5ea7cbf3635716abbb429cb90d
SHA1: 4e031bb61df09069aeb2bffb4019e7a5034a4ee0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid junit Low
Vendor jar package name junit Low
Vendor pom url http://junit.org Highest
Vendor pom organization name JUnit High
Vendor pom organization url http://www.junit.org Medium
Vendor pom groupid junit Highest
Vendor pom name JUnit High
Vendor gradle groupid junit Highest
Vendor pom description JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java. Low
Vendor central groupid junit Highest
Vendor file name junit High
Product pom organization url http://www.junit.org Low
Product central artifactid junit Highest
Product pom name JUnit High
Product pom description JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java. Low
Product pom groupid junit Low
Product pom url http://junit.org Medium
Product file name junit High
Product gradle artifactid junit Highest
Product pom artifactid junit Highest
Product pom organization name JUnit Low
Version pom version 4.11 Highest
Version central version 4.11 Highest
Version file version 4.11 Highest
backport-util-concurrent-3.1.jar
Description: Dawid Kurzyniec's backport of JSR 166
License:
Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: Z:\Gradle\caches\modules-2\files-2.1\backport-util-concurrent\backport-util-concurrent\3.1\682f7ac17fed79e92f8e87d8455192b63376347b\backport-util-concurrent-3.1.jar
MD5: 748bb0cbf4780b2e3121dc9c12e10cd9
SHA1: 682f7ac17fed79e92f8e87d8455192b63376347b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name backport-util-concurrent High
Vendor pom organization name Dawid Kurzyniec High
Vendor pom artifactid backport-util-concurrent Low
Vendor pom name Backport of JSR 166 High
Vendor central groupid backport-util-concurrent Highest
Vendor pom groupid backport-util-concurrent Highest
Vendor pom url http://backport-jsr166.sourceforge.net/ Highest
Vendor jar package name emory Low
Vendor pom organization url http://www.mathcs.emory.edu/~dawidk/ Medium
Vendor jar package name edu Low
Vendor gradle groupid backport-util-concurrent Highest
Vendor jar package name mathcs Low
Vendor pom description Dawid Kurzyniec's backport of JSR 166 Medium
Product gradle artifactid backport-util-concurrent Highest
Product pom url http://backport-jsr166.sourceforge.net/ Medium
Product file name backport-util-concurrent High
Product pom name Backport of JSR 166 High
Product pom organization url http://www.mathcs.emory.edu/~dawidk/ Low
Product jar package name emory Low
Product pom artifactid backport-util-concurrent Highest
Product jar package name backport Low
Product central artifactid backport-util-concurrent Highest
Product jar package name mathcs Low
Product pom groupid backport-util-concurrent Low
Product pom description Dawid Kurzyniec's backport of JSR 166 Medium
Product pom organization name Dawid Kurzyniec Low
Version file version 3.1 Highest
Version pom version 3.1 Highest
Version central version 3.1 Highest
ant-1.10.1.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant\1.10.1\591b690cc83d444fa9c9813a792aeaba412e4ab6\ant-1.10.1.jar
MD5: 1acf5522fe413f811675972a2f3fa68d
SHA1: 591b690cc83d444fa9c9813a792aeaba412e4ab6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name ant High
Vendor jar package name apache Low
Vendor manifest: org/apache/tools/ant/ Implementation-Vendor Apache Software Foundation Medium
Vendor jar package name ant Low
Vendor gradle groupid org.apache.ant Highest
Vendor central groupid org.apache.ant Highest
Vendor pom artifactid ant Low
Vendor pom name Apache Ant Core High
Vendor pom parent-groupid org.apache.ant Medium
Vendor pom url http://ant.apache.org/ Highest
Vendor pom parent-artifactid ant-parent Low
Vendor jar package name tools Low
Vendor pom groupid apache.ant Highest
Product file name ant High
Product manifest: org/apache/tools/ant/ Specification-Title Apache Ant Medium
Product pom groupid apache.ant Low
Product jar package name ant Low
Product pom parent-artifactid ant-parent Medium
Product gradle artifactid ant Highest
Product pom name Apache Ant Core High
Product manifest: org/apache/tools/ant/ Implementation-Title org.apache.tools.ant Medium
Product jar package name tools Low
Product central artifactid ant Highest
Product pom url http://ant.apache.org/ Medium
Product pom parent-groupid org.apache.ant Low
Product pom artifactid ant Highest
Version file version 1.10.1 Highest
Version central version 1.10.1 Highest
Version pom version 1.10.1 Highest
axiom-api-1.2.20.jar
Description: The Axiom API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-api\1.2.20\ec33988dce6ab4c1d15122208dae7b1fbc6c0ac4\axiom-api-1.2.20.jar
MD5: 1be8dab65aa72d613bf07ce79c4b41c6
SHA1: ec33988dce6ab4c1d15122208dae7b1fbc6c0ac4
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.ws.commons.axiom Medium
Vendor manifest Bundle-Description The Axiom API Medium
Vendor pom artifactid axiom-api Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.ws.commons.axiom Highest
Vendor pom groupid apache.ws.commons.axiom Highest
Vendor Manifest Implementation-Vendor-Id org.apache.ws.commons.axiom Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.ws.commons.axiom Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor Manifest bundle-docurl http://www.apache.org/ Low
Vendor Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-api Medium
Vendor pom parent-artifactid axiom Low
Vendor pom description The Axiom API Medium
Vendor file name axiom-api High
Vendor pom name Axiom API High
Vendor pom url http://ws.apache.org/axiom/ Highest
Product manifest Bundle-Description The Axiom API Medium
Product Manifest specification-title Axiom API Medium
Product Manifest Implementation-Title Axiom API High
Product pom url http://ws.apache.org/axiom/ Medium
Product pom artifactid axiom-api Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product Manifest bundle-docurl http://www.apache.org/ Low
Product Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-api Medium
Product pom parent-artifactid axiom Medium
Product pom description The Axiom API Medium
Product central artifactid axiom-api Highest
Product file name axiom-api High
Product pom groupid apache.ws.commons.axiom Low
Product pom parent-groupid org.apache.ws.commons.axiom Low
Product Manifest Bundle-Name Axiom API Medium
Product pom name Axiom API High
Product gradle artifactid axiom-api Highest
Version Manifest Implementation-Version 1.2.20 High
Version file version 1.2.20 Highest
Version central version 1.2.20 Highest
Version pom version 1.2.20 Highest
axiom-impl-1.2.20.jar
Description: The default implementation of the Axiom API.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.20\fdb6f7eb20dfaab2ee513e734defc7219aed046\axiom-impl-1.2.20.jar
MD5: 91d2ea04009497e11b940987359a190b
SHA1: 0fdb6f7eb20dfaab2ee513e734defc7219aed046
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid implementations Low
Vendor manifest Bundle-Description The default implementation of the Axiom API. Medium
Vendor jar package name apache Low
Vendor pom parent-groupid org.apache.ws.commons.axiom Medium
Vendor central groupid org.apache.ws.commons.axiom Highest
Vendor pom groupid apache.ws.commons.axiom Highest
Vendor gradle groupid org.apache.ws.commons.axiom Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor Manifest bundle-docurl http://www.apache.org/ Low
Vendor pom artifactid axiom-impl Low
Vendor jar package name axiom Low
Vendor pom description The default implementation of the Axiom API. Medium
Vendor file name axiom-impl High
Vendor Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-impl Medium
Vendor pom name LLOM High
Product manifest Bundle-Description The default implementation of the Axiom API. Medium
Product pom artifactid axiom-impl Highest
Product central artifactid axiom-impl Highest
Product pom parent-artifactid implementations Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product Manifest bundle-docurl http://www.apache.org/ Low
Product Manifest Bundle-Name LLOM Medium
Product jar package name axiom Low
Product gradle artifactid axiom-impl Highest
Product pom description The default implementation of the Axiom API. Medium
Product file name axiom-impl High
Product pom groupid apache.ws.commons.axiom Low
Product pom parent-groupid org.apache.ws.commons.axiom Low
Product Manifest bundle-symbolicname org.apache.ws.commons.axiom.axiom-impl Medium
Product pom name LLOM High
Product jar package name impl Low
Version file version 1.2.20 Highest
Version central version 1.2.20 Highest
Version pom version 1.2.20 Highest
geronimo-ws-metadata_2.0_spec-1.1.2.jar
Description: Provides open-source implementations of Sun specifications.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-ws-metadata_2.0_spec\1.1.2\7be9f049b4f0f0cf045675be5a0ff709d57cbc6a\geronimo-ws-metadata_2.0_spec-1.1.2.jar
MD5: 3d0fbbca45e8877dee74e83bc83317d5
SHA1: 7be9f049b4f0f0cf045675be5a0ff709d57cbc6a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid specs Low
Vendor manifest Bundle-Description Provides open-source implementations of Sun specifications. Medium
Vendor central groupid org.apache.geronimo.specs Highest
Vendor file name geronimo-ws-metadata_2.0_spec-1.1.2 High
Vendor pom parent-groupid org.apache.geronimo.specs Medium
Vendor pom artifactid geronimo-ws-metadata_2.0_spec Low
Vendor pom name Web Services Metadata 2.0 High
Vendor gradle groupid org.apache.geronimo.specs Highest
Vendor pom groupid apache.geronimo.specs Highest
Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-ws-metadata_2.0_spec Medium
Vendor Manifest bundle-docurl http://www.apache.org Low
Product Manifest Implementation-Title Apache Geronimo High
Product Manifest Bundle-Name geronimo-ws-metadata_2.0_spec Medium
Product manifest Bundle-Description Provides open-source implementations of Sun specifications. Medium
Product pom parent-artifactid specs Medium
Product gradle artifactid geronimo-ws-metadata_2.0_spec Highest
Product pom groupid apache.geronimo.specs Low
Product pom parent-groupid org.apache.geronimo.specs Low
Product central artifactid geronimo-ws-metadata_2.0_spec Highest
Product file name geronimo-ws-metadata_2.0_spec-1.1.2 High
Product pom name Web Services Metadata 2.0 High
Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-ws-metadata_2.0_spec Medium
Product Manifest bundle-docurl http://www.apache.org Low
Product pom artifactid geronimo-ws-metadata_2.0_spec Highest
Version Manifest Implementation-Version 1.1.2 High
Version pom version 1.1.2 Highest
Version central version 1.1.2 Highest
commons-fileupload-1.3.3.jar
Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-fileupload\commons-fileupload\1.3.3\4ff14d809195b711fd6bcc87e6777f886730ca1\commons-fileupload-1.3.3.jar
MD5: dd77e787b7b5dc56f6a1cb658716d55d
SHA1: 04ff14d809195b711fd6bcc87e6777f886730ca1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low
Vendor Manifest implementation-build UNKNOWN@r18734e9f77a267ebc82ff2ffce6d96e82a34260f; 2017-06-09 22:59:50+0000 Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor gradle groupid commons-fileupload Highest
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom artifactid commons-fileupload Low
Vendor file name commons-fileupload High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-symbolicname org.apache.commons.fileupload Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor pom url http://commons.apache.org/proper/commons-fileupload/ Highest
Vendor pom groupid commons-fileupload Highest
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low
Vendor pom parent-artifactid commons-parent Low
Vendor pom description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Vendor pom name Apache Commons FileUpload High
Vendor manifest Bundle-Description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Vendor central groupid commons-fileupload Highest
Product pom groupid commons-fileupload Low
Product pom parent-groupid org.apache.commons Low
Product Manifest implementation-url http://commons.apache.org/proper/commons-fileupload/ Low
Product Manifest implementation-build UNKNOWN@r18734e9f77a267ebc82ff2ffce6d96e82a34260f; 2017-06-09 22:59:50+0000 Low
Product pom url http://commons.apache.org/proper/commons-fileupload/ Medium
Product central artifactid commons-fileupload Highest
Product file name commons-fileupload High
Product Manifest bundle-symbolicname org.apache.commons.fileupload Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product gradle artifactid commons-fileupload Highest
Product pom parent-artifactid commons-parent Medium
Product Manifest Implementation-Title Apache Commons FileUpload High
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-fileupload/ Low
Product pom description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Product pom name Apache Commons FileUpload High
Product Manifest specification-title Apache Commons FileUpload Medium
Product Manifest Bundle-Name Apache Commons FileUpload Medium
Product pom artifactid commons-fileupload Highest
Product manifest Bundle-Description The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Low
Version central version 1.3.3 Highest
Version file version 1.3.3 Highest
Version pom version 1.3.3 Highest
Version Manifest Implementation-Version 1.3.3 High
xmlschema-core-2.2.1.jar
Description: Commons XMLSchema is a light weight schema object model that can be used to manipulate or
generate XML schema.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.xmlschema\xmlschema-core\2.2.1\2eff1f3776590d4c51cc735eab2143c497329f2\xmlschema-core-2.2.1.jar
MD5: bab3d98961f361b5e66dbcdadaad1ecf
SHA1: 02eff1f3776590d4c51cc735eab2143c497329f2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid xmlschema Low
Vendor pom name XmlSchema Core High
Vendor pom description Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema. Low
Vendor central groupid org.apache.ws.xmlschema Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor gradle groupid org.apache.ws.xmlschema Highest
Vendor Manifest bundle-symbolicname org.apache.ws.xmlschema.core Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-docurl http://ws.apache.org/xmlschema/ Low
Vendor pom parent-groupid org.apache.ws.xmlschema Medium
Vendor pom groupid apache.ws.xmlschema Highest
Vendor manifest Bundle-Description Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema. Low
Vendor file name xmlschema-core High
Vendor pom artifactid xmlschema-core Low
Product gradle artifactid xmlschema-core Highest
Product pom name XmlSchema Core High
Product pom parent-artifactid xmlschema Medium
Product pom description Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema. Low
Product pom groupid apache.ws.xmlschema Low
Product Manifest bundle-symbolicname org.apache.ws.xmlschema.core Medium
Product Manifest Bundle-Name XmlSchema Core Medium
Product central artifactid xmlschema-core Highest
Product Manifest bundle-docurl http://ws.apache.org/xmlschema/ Low
Product pom artifactid xmlschema-core Highest
Product manifest Bundle-Description Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema. Low
Product file name xmlschema-core High
Product pom parent-groupid org.apache.ws.xmlschema Low
Version file version 2.2.1 Highest
Version central version 2.2.1 Highest
Version pom version 2.2.1 Highest
neethi-3.0.3.jar
Description: Apache Neethi provides general framework for the programmers to use WS Policy. It is compliant with latest WS Policy specification which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing it's requirements and capabilities.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.neethi\neethi\3.0.3\ee37a38bbf9f355ee88ba554a85c9220b75ba500\neethi-3.0.3.jar
MD5: 8a81813a03e2899ccd31f0e92f6cc691
SHA1: ee37a38bbf9f355ee88ba554a85c9220b75ba500
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.apache.neethi Medium
Vendor pom parent-groupid org.apache Medium
Vendor pom parent-artifactid apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.neethi Highest
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor file name neethi High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom organization url http://www.apache.org/ Medium
Vendor Manifest bundle-docurl http://www.apache.org/ Low
Vendor gradle groupid org.apache.neethi Highest
Vendor pom name Apache Neethi High
Vendor manifest Bundle-Description Apache Neethi provides general framework for the programmers to use WS Policy. It is compliant with latest WS Policy specification which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing it's requirements and capabilities. Low
Vendor pom organization name The Apache Software Foundation High
Vendor pom artifactid neethi Low
Vendor pom url http://ws.apache.org/neethi/ Highest
Vendor pom description Apache Neethi provides general framework for the programmers to use WS Policy. It is compliant with latest WS Policy specification which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing it's requirements and capabilities. Low
Vendor pom groupid apache.neethi Highest
Product Manifest bundle-symbolicname org.apache.neethi Medium
Product central artifactid neethi Highest
Product pom groupid apache.neethi Low
Product pom url http://ws.apache.org/neethi/ Medium
Product Manifest Implementation-Title Apache Neethi High
Product pom parent-artifactid apache Medium
Product file name neethi High
Product gradle artifactid neethi Highest
Product Manifest Bundle-Name Apache Neethi Medium
Product Manifest bundle-docurl http://www.apache.org/ Low
Product pom organization url http://www.apache.org/ Low
Product pom name Apache Neethi High
Product manifest Bundle-Description Apache Neethi provides general framework for the programmers to use WS Policy. It is compliant with latest WS Policy specification which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing it's requirements and capabilities. Low
Product Manifest specification-title Apache Neethi Medium
Product pom artifactid neethi Highest
Product pom description Apache Neethi provides general framework for the programmers to use WS Policy. It is compliant with latest WS Policy specification which was published in March 2006. This framework is specifically written to enable the Apache Web services stack to use WS Policy as a way of expressing it's requirements and capabilities. Low
Product pom parent-groupid org.apache Low
Product pom organization name The Apache Software Foundation Low
Version central version 3.0.3 Highest
Version file version 3.0.3 Highest
Version Manifest Implementation-Version 3.0.3 High
Version pom version 3.0.3 Highest
woden-core-1.0M10.jar
Description: The Woden project is a subproject of the Apache Web Services Project to develop a Java class library for reading, manipulating, creating and writing WSDL documents, initially to support WSDL 2.0 but with the longer term aim of supporting past, present and future versions of WSDL. There are two main deliverables: an API and an implementation. The Woden API consists of a set of Java interfaces. The WSDL 2.0-specific portion of the Woden API conforms to the W3C WSDL 2.0 specification. The implementation will be a high performance implementation directly usable in other Apache projects such as Axis2.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.woden\woden-core\1.0M10\ffed89bc39eb7fce6b74765b3417c6844d8003a2\woden-core-1.0M10.jar
MD5: 7b04937efc02bbc6cb0b73afb5d48b78
SHA1: ffed89bc39eb7fce6b74765b3417c6844d8003a2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor file name woden-core High
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-docurl http://www.apache.org/ Low
Vendor gradle groupid org.apache.woden Highest
Vendor pom parent-artifactid woden Low
Vendor pom artifactid woden-core Low
Vendor Manifest bundle-symbolicname org.apache.woden.core Medium
Vendor pom parent-groupid org.apache.woden Medium
Vendor manifest Bundle-Description The Woden project is a subproject of the Apache Web Services Project to develop a Java class library for reading, manipulating, creating and writing WSDL documents, initially to support WSDL 2.0 but with the longer term aim of supporting past, present and future versions of WSDL. There are two main deliverables: an API and an implementation. The Woden API consists of a set of Java interfaces. The WSDL 2.0-specific portion of the Woden API conforms to the W3C WSDL 2.0 specification. The implementation will be a high performance implementation directly usable in other Apache projects ... Low
Vendor central groupid org.apache.woden Highest
Vendor pom groupid apache.woden Highest
Vendor pom name Woden - Core High
Product central artifactid woden-core Highest
Product pom artifactid woden-core Highest
Product file name woden-core High
Product pom parent-artifactid woden Medium
Product pom groupid apache.woden Low
Product Manifest bundle-docurl http://www.apache.org/ Low
Product gradle artifactid woden-core Highest
Product pom parent-groupid org.apache.woden Low
Product Manifest bundle-symbolicname org.apache.woden.core Medium
Product Manifest specification-title Apache Woden Medium
Product manifest Bundle-Description The Woden project is a subproject of the Apache Web Services Project to develop a Java class library for reading, manipulating, creating and writing WSDL documents, initially to support WSDL 2.0 but with the longer term aim of supporting past, present and future versions of WSDL. There are two main deliverables: an API and an implementation. The Woden API consists of a set of Java interfaces. The WSDL 2.0-specific portion of the Woden API conforms to the W3C WSDL 2.0 specification. The implementation will be a high performance implementation directly usable in other Apache projects ... Low
Product Manifest Implementation-Title Apache Woden High
Product pom name Woden - Core High
Product Manifest Bundle-Name Woden - Core Medium
Version central version 1.0M10 Highest
Version Manifest Implementation-Version 1.0M10 High
Version file version 1.0.m10 Highest
Version pom version 1.0M10 Highest
jsr311-api-1.1.1.jar
License:
CDDL License: http://www.opensource.org/licenses/cddl1.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.ws.rs\jsr311-api\1.1.1\59033da2a1afd56af1ac576750a8d0b1830d59e6\jsr311-api-1.1.1.jar
MD5: c9803468299ec255c047a280ddec510f
SHA1: 59033da2a1afd56af1ac576750a8d0b1830d59e6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid javax.ws.rs Highest
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor Manifest bundle-docurl http://www.sun.com/ Low
Vendor pom organization name Sun Microsystems, Inc High
Vendor pom organization url http://www.sun.com/ Medium
Vendor pom name jsr311-api High
Vendor pom groupid javax.ws.rs Highest
Vendor Manifest extension-name javax.ws.rs Medium
Vendor pom artifactid jsr311-api Low
Vendor central groupid javax.ws.rs Highest
Vendor pom url https://jsr311.dev.java.net Highest
Vendor file name jsr311-api High
Vendor Manifest bundle-symbolicname javax.ws.rs.jsr311-api Medium
Product central artifactid jsr311-api Highest
Product pom artifactid jsr311-api Highest
Product pom groupid javax.ws.rs Low
Product Manifest bundle-docurl http://www.sun.com/ Low
Product Manifest Bundle-Name jsr311-api Medium
Product pom organization url http://www.sun.com/ Low
Product pom name jsr311-api High
Product Manifest specification-title JAX-RS: Java API for RESTful Web Services Medium
Product pom url https://jsr311.dev.java.net Medium
Product gradle artifactid jsr311-api Highest
Product Manifest extension-name javax.ws.rs Medium
Product file name jsr311-api High
Product pom organization name Sun Microsystems, Inc Low
Product Manifest bundle-symbolicname javax.ws.rs.jsr311-api Medium
Version pom version 1.1.1 Highest
Version file version 1.1.1 Highest
Version central version 1.1.1 Highest
commons-pool2-2.4.2.jar
Description: Apache Commons Object Pooling Library
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-pool2\2.4.2\e5f4f28f19d57716fbc3989d7a357ebf1e454fea\commons-pool2-2.4.2.jar
MD5: 62727a85e2e1bf6a756f5571d19cc71c
SHA1: e5f4f28f19d57716fbc3989d7a357ebf1e454fea
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-pool/ Low
Vendor pom description Apache Commons Object Pooling Library Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom url http://commons.apache.org/proper/commons-pool/ Highest
Vendor pom groupid apache.commons Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-symbolicname org.apache.commons.pool2 Medium
Vendor file name commons-pool2 High
Vendor manifest Bundle-Description Apache Commons Object Pooling Library Medium
Vendor central groupid org.apache.commons Highest
Vendor pom name Apache Commons Pool High
Vendor pom parent-artifactid commons-parent Low
Vendor pom artifactid commons-pool2 Low
Vendor gradle groupid org.apache.commons Highest
Vendor Manifest implementation-build tags/POOL_2_4_2_RC1@r1693165; 2015-07-29 02:14:43+0000 Low
Product pom parent-groupid org.apache.commons Low
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-pool/ Low
Product pom description Apache Commons Object Pooling Library Medium
Product pom artifactid commons-pool2 Highest
Product Manifest bundle-symbolicname org.apache.commons.pool2 Medium
Product pom parent-artifactid commons-parent Medium
Product file name commons-pool2 High
Product manifest Bundle-Description Apache Commons Object Pooling Library Medium
Product pom name Apache Commons Pool High
Product pom url http://commons.apache.org/proper/commons-pool/ Medium
Product central artifactid commons-pool2 Highest
Product pom groupid apache.commons Low
Product Manifest Bundle-Name Apache Commons Pool Medium
Product Manifest Implementation-Title Apache Commons Pool High
Product Manifest specification-title Apache Commons Pool Medium
Product Manifest implementation-build tags/POOL_2_4_2_RC1@r1693165; 2015-07-29 02:14:43+0000 Low
Product gradle artifactid commons-pool2 Highest
Version central version 2.4.2 Highest
Version pom version 2.4.2 Highest
Version Manifest Implementation-Version 2.4.2 High
Version file version 2.4.2 Highest
geronimo-j2ee-connector_1.6_spec-1.0.jar
Description: Java 2 Connector Architecture API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-j2ee-connector_1.6_spec\1.0\a1a1cb635415af603ffba27987ffcd3422fb7801\geronimo-j2ee-connector_1.6_spec-1.0.jar
MD5: f4add9eb4ff4b8c4d7591852e6d04e5f
SHA1: a1a1cb635415af603ffba27987ffcd3422fb7801
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom url http://geronimo.apache.org/maven/${siteId}/${version} Highest
Vendor manifest Bundle-Description Java 2 Connector Architecture API Medium
Vendor file name geronimo-j2ee-connector_1.6_spec-1.0 High
Vendor pom name J2EE Connector 1.6 High
Vendor pom parent-groupid org.apache.geronimo.genesis Medium
Vendor Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-j2ee-connector_1.6_spec/1.0 Low
Vendor pom description Java 2 Connector Architecture API Medium
Vendor central groupid org.apache.geronimo.specs Highest
Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-j2ee-connector_1.6_spec Medium
Vendor pom artifactid geronimo-j2ee-connector_1.6_spec Low
Vendor pom parent-artifactid genesis-java5-flava Low
Vendor gradle groupid org.apache.geronimo.specs Highest
Vendor pom groupid apache.geronimo.specs Highest
Product manifest Bundle-Description Java 2 Connector Architecture API Medium
Product Manifest Bundle-Name J2EE Connector 1.6 Medium
Product Manifest Implementation-Title J2EE Connector 1.6 High
Product pom artifactid geronimo-j2ee-connector_1.6_spec Highest
Product gradle artifactid geronimo-j2ee-connector_1.6_spec Highest
Product pom groupid apache.geronimo.specs Low
Product file name geronimo-j2ee-connector_1.6_spec-1.0 High
Product pom url http://geronimo.apache.org/maven/${siteId}/${version} Medium
Product central artifactid geronimo-j2ee-connector_1.6_spec Highest
Product pom name J2EE Connector 1.6 High
Product Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-j2ee-connector_1.6_spec/1.0 Low
Product pom description Java 2 Connector Architecture API Medium
Product pom parent-groupid org.apache.geronimo.genesis Low
Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-j2ee-connector_1.6_spec Medium
Product pom parent-artifactid genesis-java5-flava Medium
Version Manifest Implementation-Version 1.0 High
Version pom version 1.0 Highest
Version central version 1.0 Highest
httpclient-4.5.3.jar
Description:
Apache HttpComponents Client
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpclient\4.5.3\d1577ae15f01ef5438c5afc62162457c00a34713\httpclient-4.5.3.jar
MD5: 1965ebb7aca0f9f8faaed3870d8cf689
SHA1: d1577ae15f01ef5438c5afc62162457c00a34713
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom url http://hc.apache.org/httpcomponents-client Highest
Vendor pom parent-groupid org.apache.httpcomponents Medium
Vendor pom artifactid httpclient Low
Vendor gradle groupid org.apache.httpcomponents Highest
Vendor Manifest url http://hc.apache.org/httpcomponents-client Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor file name httpclient High
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest implementation-build tags/4.5.3-RC1/httpclient@r1779741; 2017-01-21 16:58:35+0100 Low
Vendor pom name Apache HttpClient High
Vendor pom description Apache HttpComponents Client Medium
Vendor central groupid org.apache.httpcomponents Highest
Vendor pom groupid apache.httpcomponents Highest
Vendor pom parent-artifactid httpcomponents-client Low
Product pom parent-groupid org.apache.httpcomponents Low
Product Manifest url http://hc.apache.org/httpcomponents-client Low
Product pom groupid apache.httpcomponents Low
Product file name httpclient High
Product Manifest Implementation-Title HttpComponents Apache HttpClient High
Product Manifest implementation-build tags/4.5.3-RC1/httpclient@r1779741; 2017-01-21 16:58:35+0100 Low
Product pom parent-artifactid httpcomponents-client Medium
Product pom name Apache HttpClient High
Product pom description Apache HttpComponents Client Medium
Product Manifest specification-title HttpComponents Apache HttpClient Medium
Product pom url http://hc.apache.org/httpcomponents-client Medium
Product pom artifactid httpclient Highest
Product gradle artifactid httpclient Highest
Product central artifactid httpclient Highest
Version file version 4.5.3 Highest
Version Manifest Implementation-Version 4.5.3 High
Version pom version 4.5.3 Highest
Version central version 4.5.3 Highest
commons-codec-1.10.jar
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-codec\commons-codec\1.10\4b95f4897fa13f2cd904aee711aeafc0c5295cd8\commons-codec-1.10.jar
MD5: 353cf6a2bdba09595ccfa073b78c7fcb
SHA1: 4b95f4897fa13f2cd904aee711aeafc0c5295cd8
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom groupid commons-codec Highest
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor gradle groupid commons-codec Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low
Vendor manifest Bundle-Description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Vendor pom url http://commons.apache.org/proper/commons-codec/ Highest
Vendor central groupid commons-codec Highest
Vendor pom artifactid commons-codec Low
Vendor pom parent-artifactid commons-parent Low
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low
Vendor Manifest bundle-symbolicname org.apache.commons.codec Medium
Vendor file name commons-codec High
Vendor pom name Apache Commons Codec High
Product pom parent-groupid org.apache.commons Low
Product pom description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Product pom url http://commons.apache.org/proper/commons-codec/ Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product central artifactid commons-codec Highest
Product Manifest implementation-build trunk@r1637108; 2014-11-06 14:14:12+0000 Low
Product manifest Bundle-Description The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. Low
Product pom artifactid commons-codec Highest
Product pom parent-artifactid commons-parent Medium
Product Manifest Implementation-Title Apache Commons Codec High
Product Manifest specification-title Apache Commons Codec Medium
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-codec/ Low
Product pom groupid commons-codec Low
Product Manifest Bundle-Name Apache Commons Codec Medium
Product Manifest bundle-symbolicname org.apache.commons.codec Medium
Product gradle artifactid commons-codec Highest
Product file name commons-codec High
Product pom name Apache Commons Codec High
Version pom version 1.10 Highest
Version Manifest Implementation-Version 1.10 High
Version file version 1.10 Highest
Version central version 1.10 Highest
shiro-lang-1.4.0.jar
Description:
The lang module encapsulates only language-specific utilities that are used by various
other modules. It exists to augment what we would have liked to see in the JDK but does not exist.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-lang\1.4.0\6895b5d14e7be7a77297336b037d7a7e79e858d6\shiro-lang-1.4.0.jar
MD5: c654a538ef466eb33aeb7ff59e027a01
SHA1: 6895b5d14e7be7a77297336b037d7a7e79e858d6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Apache Shiro :: Lang High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid shiro-root Low
Vendor pom parent-groupid org.apache.shiro Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor manifest Bundle-Description The lang module encapsulates only language-specific utilities that are used by various other modules. It exists to augment what we would have liked to see in the JDK but does not exist. Low
Vendor pom artifactid shiro-lang Low
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom groupid apache.shiro Highest
Vendor file name shiro-lang High
Vendor gradle groupid org.apache.shiro Highest
Vendor Manifest bundle-symbolicname org.apache.shiro.lang Medium
Vendor pom description The lang module encapsulates only language-specific utilities that are used by various other modules. It exists to augment what we would have liked to see in the JDK but does not exist. Low
Vendor Manifest Implementation-Vendor-Id org.apache.shiro Medium
Vendor central groupid org.apache.shiro Highest
Product pom name Apache Shiro :: Lang High
Product pom artifactid shiro-lang Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom parent-groupid org.apache.shiro Low
Product pom parent-artifactid shiro-root Medium
Product pom groupid apache.shiro Low
Product manifest Bundle-Description The lang module encapsulates only language-specific utilities that are used by various other modules. It exists to augment what we would have liked to see in the JDK but does not exist. Low
Product Manifest bundle-docurl https://www.apache.org/ Low
Product file name shiro-lang High
Product Manifest Bundle-Name Apache Shiro :: Lang Medium
Product gradle artifactid shiro-lang Highest
Product Manifest bundle-symbolicname org.apache.shiro.lang Medium
Product Manifest Implementation-Title Apache Shiro :: Lang High
Product pom description The lang module encapsulates only language-specific utilities that are used by various other modules. It exists to augment what we would have liked to see in the JDK but does not exist. Low
Product central artifactid shiro-lang Highest
Product Manifest specification-title Apache Shiro :: Lang Medium
Version file version 1.4.0 Highest
Version central version 1.4.0 Highest
Version Manifest Implementation-Version 1.4.0 High
Version pom version 1.4.0 Highest
shiro-cache-1.4.0.jar
Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-cache\1.4.0\ae1496cbdc4cce35c87d9014723863e049f9e2b4\shiro-cache-1.4.0.jar
MD5: 1424b34527e464edb0c42f74ce68876e
SHA1: ae1496cbdc4cce35c87d9014723863e049f9e2b4
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.apache.shiro.cache Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid shiro-root Low
Vendor pom parent-groupid org.apache.shiro Medium
Vendor file name shiro-cache High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom artifactid shiro-cache Low
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom groupid apache.shiro Highest
Vendor gradle groupid org.apache.shiro Highest
Vendor pom name Apache Shiro :: Cache High
Vendor Manifest Implementation-Vendor-Id org.apache.shiro Medium
Vendor central groupid org.apache.shiro Highest
Product gradle artifactid shiro-cache Highest
Product Manifest bundle-symbolicname org.apache.shiro.cache Medium
Product file name shiro-cache High
Product Manifest specification-title Apache Shiro :: Cache Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Product pom parent-groupid org.apache.shiro Low
Product pom parent-artifactid shiro-root Medium
Product pom groupid apache.shiro Low
Product Manifest bundle-docurl https://www.apache.org/ Low
Product central artifactid shiro-cache Highest
Product Manifest Bundle-Name Apache Shiro :: Cache Medium
Product pom artifactid shiro-cache Highest
Product Manifest Implementation-Title Apache Shiro :: Cache High
Product pom name Apache Shiro :: Cache High
Version file version 1.4.0 Highest
Version central version 1.4.0 Highest
Version Manifest Implementation-Version 1.4.0 High
Version pom version 1.4.0 Highest
shiro-crypto-hash-1.4.0.jar
Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-crypto-hash\1.4.0\b767d3db10f01dfba79c04cbc9e17eae0247b9c\shiro-crypto-hash-1.4.0.jar
MD5: 66dafe1350b86759d887ab181f181759
SHA1: 0b767d3db10f01dfba79c04cbc9e17eae0247b9c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid shiro-crypto-hash Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid shiro-root Low
Vendor pom parent-groupid org.apache.shiro Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-symbolicname org.apache.shiro.crypto.hash Medium
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom groupid apache.shiro Highest
Vendor pom name Apache Shiro :: Cryptography :: Hashing High
Vendor gradle groupid org.apache.shiro Highest
Vendor file name shiro-crypto-hash High
Vendor Manifest Implementation-Vendor-Id org.apache.shiro Medium
Vendor central groupid org.apache.shiro Highest
Product gradle artifactid shiro-crypto-hash Highest
Product Manifest Bundle-Name Apache Shiro :: Cryptography :: Hashing Medium
Product Manifest Implementation-Title Apache Shiro :: Cryptography :: Hashing High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Product pom parent-groupid org.apache.shiro Low
Product pom parent-artifactid shiro-root Medium
Product Manifest bundle-symbolicname org.apache.shiro.crypto.hash Medium
Product pom groupid apache.shiro Low
Product pom artifactid shiro-crypto-hash Highest
Product Manifest bundle-docurl https://www.apache.org/ Low
Product pom name Apache Shiro :: Cryptography :: Hashing High
Product Manifest specification-title Apache Shiro :: Cryptography :: Hashing Medium
Product central artifactid shiro-crypto-hash Highest
Product file name shiro-crypto-hash High
Version file version 1.4.0 Highest
Version central version 1.4.0 Highest
Version Manifest Implementation-Version 1.4.0 High
Version pom version 1.4.0 Highest
shiro-crypto-cipher-1.4.0.jar
Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-crypto-cipher\1.4.0\78020924ddce7632daa3b9acb698167c240df623\shiro-crypto-cipher-1.4.0.jar
MD5: 869c982ffffd7e8dc228500dd4ece97d
SHA1: 78020924ddce7632daa3b9acb698167c240df623
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name shiro-crypto-cipher High
Vendor pom name Apache Shiro :: Cryptography :: Ciphers High
Vendor pom artifactid shiro-crypto-cipher Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid shiro-root Low
Vendor pom parent-groupid org.apache.shiro Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom groupid apache.shiro Highest
Vendor gradle groupid org.apache.shiro Highest
Vendor Manifest bundle-symbolicname org.apache.shiro.crypto.cipher Medium
Vendor Manifest Implementation-Vendor-Id org.apache.shiro Medium
Vendor central groupid org.apache.shiro Highest
Product file name shiro-crypto-cipher High
Product pom name Apache Shiro :: Cryptography :: Ciphers High
Product central artifactid shiro-crypto-cipher Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Product pom parent-groupid org.apache.shiro Low
Product pom parent-artifactid shiro-root Medium
Product gradle artifactid shiro-crypto-cipher Highest
Product pom groupid apache.shiro Low
Product Manifest bundle-docurl https://www.apache.org/ Low
Product pom artifactid shiro-crypto-cipher Highest
Product Manifest Bundle-Name Apache Shiro :: Cryptography :: Ciphers Medium
Product Manifest bundle-symbolicname org.apache.shiro.crypto.cipher Medium
Product Manifest specification-title Apache Shiro :: Cryptography :: Ciphers Medium
Product Manifest Implementation-Title Apache Shiro :: Cryptography :: Ciphers High
Version file version 1.4.0 Highest
Version central version 1.4.0 Highest
Version Manifest Implementation-Version 1.4.0 High
Version pom version 1.4.0 Highest
shiro-config-core-1.4.0.jar
Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-config-core\1.4.0\7d7ede51d15d346d962da9a3743064ddc9163b1d\shiro-config-core-1.4.0.jar
MD5: e0a4f21cff332ce5debddd7633b7d243
SHA1: 7d7ede51d15d346d962da9a3743064ddc9163b1d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid shiro-root Low
Vendor pom parent-groupid org.apache.shiro Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom artifactid shiro-config-core Low
Vendor file name shiro-config-core High
Vendor pom groupid apache.shiro Highest
Vendor gradle groupid org.apache.shiro Highest
Vendor pom name Apache Shiro :: Configuration :: Core High
Vendor Manifest bundle-symbolicname org.apache.shiro.config.core Medium
Vendor Manifest Implementation-Vendor-Id org.apache.shiro Medium
Vendor central groupid org.apache.shiro Highest
Product Manifest Bundle-Name Apache Shiro :: Configuration :: Core Medium
Product Manifest Implementation-Title Apache Shiro :: Configuration :: Core High
Product central artifactid shiro-config-core Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Product pom parent-groupid org.apache.shiro Low
Product Manifest specification-title Apache Shiro :: Configuration :: Core Medium
Product pom parent-artifactid shiro-root Medium
Product pom groupid apache.shiro Low
Product gradle artifactid shiro-config-core Highest
Product Manifest bundle-docurl https://www.apache.org/ Low
Product file name shiro-config-core High
Product pom name Apache Shiro :: Configuration :: Core High
Product Manifest bundle-symbolicname org.apache.shiro.config.core Medium
Product pom artifactid shiro-config-core Highest
Version file version 1.4.0 Highest
Version central version 1.4.0 Highest
Version Manifest Implementation-Version 1.4.0 High
Version pom version 1.4.0 Highest
shiro-config-ogdl-1.4.0.jar
Description: Support for Shiro's Object Graph Definition Language (mostly used in Ini configuration) where
declared name/value pairs are interpreted to create an object graph
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-config-ogdl\1.4.0\28c5f1338030eed8f911f0a816a5ef2716f786a6\shiro-config-ogdl-1.4.0.jar
MD5: 1a3efbe65e8e5b20f540fcf8a73c13c4
SHA1: 28c5f1338030eed8f911f0a816a5ef2716f786a6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid shiro-root Low
Vendor pom parent-groupid org.apache.shiro Medium
Vendor pom name Apache Shiro :: Configuration :: OGDL High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description Support for Shiro's Object Graph Definition Language (mostly used in Ini configuration) where declared name/value pairs are interpreted to create an object graph Low
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom artifactid shiro-config-ogdl Low
Vendor pom groupid apache.shiro Highest
Vendor file name shiro-config-ogdl High
Vendor gradle groupid org.apache.shiro Highest
Vendor manifest Bundle-Description Support for Shiro's Object Graph Definition Language (mostly used in Ini configuration) where declared name/value pairs are interpreted to create an object graph Low
Vendor Manifest bundle-symbolicname org.apache.shiro.config.core Medium
Vendor Manifest Implementation-Vendor-Id org.apache.shiro Medium
Vendor central groupid org.apache.shiro Highest
Product Manifest Implementation-Title Apache Shiro :: Configuration :: OGDL High
Product pom artifactid shiro-config-ogdl Highest
Product Manifest Bundle-Name Apache Shiro :: Configuration :: OGDL Medium
Product pom name Apache Shiro :: Configuration :: OGDL High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom parent-groupid org.apache.shiro Low
Product pom description Support for Shiro's Object Graph Definition Language (mostly used in Ini configuration) where declared name/value pairs are interpreted to create an object graph Low
Product Manifest specification-title Apache Shiro :: Configuration :: OGDL Medium
Product pom parent-artifactid shiro-root Medium
Product pom groupid apache.shiro Low
Product Manifest bundle-docurl https://www.apache.org/ Low
Product file name shiro-config-ogdl High
Product gradle artifactid shiro-config-ogdl Highest
Product manifest Bundle-Description Support for Shiro's Object Graph Definition Language (mostly used in Ini configuration) where declared name/value pairs are interpreted to create an object graph Low
Product Manifest bundle-symbolicname org.apache.shiro.config.core Medium
Product central artifactid shiro-config-ogdl Highest
Version file version 1.4.0 Highest
Version central version 1.4.0 Highest
Version Manifest Implementation-Version 1.4.0 High
Version pom version 1.4.0 Highest
shiro-event-1.4.0.jar
Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-event\1.4.0\df4e83b5200940439e0c7ba4fc145902900e2cd\shiro-event-1.4.0.jar
MD5: 2c7267be4f08a425b52287fa01687a2a
SHA1: 0df4e83b5200940439e0c7ba4fc145902900e2cd
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Apache Shiro :: Event High
Vendor file name shiro-event High
Vendor Manifest bundle-symbolicname org.apache.shiro.event Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom artifactid shiro-event Low
Vendor pom parent-artifactid shiro-root Low
Vendor pom parent-groupid org.apache.shiro Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom groupid apache.shiro Highest
Vendor gradle groupid org.apache.shiro Highest
Vendor Manifest Implementation-Vendor-Id org.apache.shiro Medium
Vendor central groupid org.apache.shiro Highest
Product pom name Apache Shiro :: Event High
Product file name shiro-event High
Product Manifest bundle-symbolicname org.apache.shiro.event Medium
Product Manifest specification-title Apache Shiro :: Event Medium
Product Manifest Implementation-Title Apache Shiro :: Event High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Product pom parent-groupid org.apache.shiro Low
Product pom parent-artifactid shiro-root Medium
Product Manifest Bundle-Name Apache Shiro :: Event Medium
Product pom groupid apache.shiro Low
Product pom artifactid shiro-event Highest
Product Manifest bundle-docurl https://www.apache.org/ Low
Product central artifactid shiro-event Highest
Product gradle artifactid shiro-event Highest
Version file version 1.4.0 Highest
Version central version 1.4.0 Highest
Version Manifest Implementation-Version 1.4.0 High
Version pom version 1.4.0 Highest
vorbis-java-tika-0.8.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.gagravarr\vorbis-java-tika\0.8\4ddbb27ac5884a0f0398a63d46a89d3bc87dc457\vorbis-java-tika-0.8.jar
MD5: 85c7b34d5f94e66bf0c79f5d673db750
SHA1: 4ddbb27ac5884a0f0398a63d46a89d3bc87dc457
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid vorbis-java-parent Low
Vendor pom parent-groupid org.gagravarr Medium
Vendor file name vorbis-java-tika High
Vendor gradle groupid org.gagravarr Highest
Vendor pom artifactid vorbis-java-tika Low
Vendor jar package name tika Low
Vendor central groupid org.gagravarr Highest
Vendor jar package name gagravarr Low
Vendor pom name Apache Tika plugin for Ogg, Vorbis and FLAC High
Vendor pom url Gagravarr/VorbisJava Highest
Vendor pom groupid gagravarr Highest
Product file name vorbis-java-tika High
Product pom groupid gagravarr Low
Product pom url Gagravarr/VorbisJava High
Product central artifactid vorbis-java-tika Highest
Product pom parent-groupid org.gagravarr Low
Product pom parent-artifactid vorbis-java-parent Medium
Product gradle artifactid vorbis-java-tika Highest
Product pom artifactid vorbis-java-tika Highest
Product jar package name tika Low
Product pom name Apache Tika plugin for Ogg, Vorbis and FLAC High
Version file version 0.8 Highest
Version central version 0.8 Highest
Version pom version 0.8 Highest
Published Vulnerabilities
CVE-2016-6809
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.
Vulnerable Software & Versions:
jackcess-2.1.8.jar
Description: A pure Java library for reading from and writing to MS Access databases.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.healthmarketscience.jackcess\jackcess\2.1.8\dfc7156e11ce33bbcb7f4f6724a87b9d969f2fd6\jackcess-2.1.8.jar
MD5: 8f85f1c9a32d43c0771e11759f0cb210
SHA1: dfc7156e11ce33bbcb7f4f6724a87b9d969f2fd6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description A pure Java library for reading from and writing to MS Access databases. Medium
Vendor Manifest bundle-docurl http://www.healthmarketscience.com Low
Vendor pom artifactid jackcess Low
Vendor gradle groupid com.healthmarketscience.jackcess Highest
Vendor pom parent-artifactid openhms-parent Low
Vendor pom name Jackcess High
Vendor pom url http://jackcess.sf.net Highest
Vendor central groupid com.healthmarketscience.jackcess Highest
Vendor file name jackcess High
Vendor Manifest bundle-symbolicname com.healthmarketscience.jackcess Medium
Vendor pom groupid healthmarketscience.jackcess Highest
Vendor manifest Bundle-Description A pure Java library for reading from and writing to MS Access databases. Medium
Vendor pom parent-groupid com.healthmarketscience Medium
Product pom description A pure Java library for reading from and writing to MS Access databases. Medium
Product Manifest bundle-docurl http://www.healthmarketscience.com Low
Product pom artifactid jackcess Highest
Product pom groupid healthmarketscience.jackcess Low
Product pom parent-artifactid openhms-parent Medium
Product pom name Jackcess High
Product central artifactid jackcess Highest
Product file name jackcess High
Product Manifest bundle-symbolicname com.healthmarketscience.jackcess Medium
Product gradle artifactid jackcess Highest
Product pom parent-groupid com.healthmarketscience Low
Product Manifest Bundle-Name Jackcess Medium
Product manifest Bundle-Description A pure Java library for reading from and writing to MS Access databases. Medium
Product pom url http://jackcess.sf.net Medium
Version file version 2.1.8 Highest
Version central version 2.1.8 Highest
Version pom version 2.1.8 Highest
jackcess-encrypt-2.1.2.jar
Description: An add-on to the Jackcess library for handling encryption in MS Access files.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.healthmarketscience.jackcess\jackcess-encrypt\2.1.2\c11d7a42af7070b84d832198558df52032de734c\jackcess-encrypt-2.1.2.jar
MD5: 6680420439292d286c51ab8b76a53be7
SHA1: c11d7a42af7070b84d832198558df52032de734c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-docurl http://www.healthmarketscience.com Low
Vendor manifest Bundle-Description An add-on to the Jackcess library for handling encryption in MS Access files. Medium
Vendor Manifest bundle-symbolicname com.healthmarketscience.jackcess.encrypt Medium
Vendor file name jackcess-encrypt High
Vendor gradle groupid com.healthmarketscience.jackcess Highest
Vendor pom parent-artifactid openhms-parent Low
Vendor pom artifactid jackcess-encrypt Low
Vendor pom description An add-on to the Jackcess library for handling encryption in MS Access files. Medium
Vendor pom url http://jackcessencrypt.sf.net Highest
Vendor central groupid com.healthmarketscience.jackcess Highest
Vendor pom groupid healthmarketscience.jackcess Highest
Vendor pom name Jackcess Encrypt High
Vendor pom parent-groupid com.healthmarketscience Medium
Product pom artifactid jackcess-encrypt Highest
Product Manifest Bundle-Name Jackcess Encrypt Medium
Product Manifest bundle-docurl http://www.healthmarketscience.com Low
Product manifest Bundle-Description An add-on to the Jackcess library for handling encryption in MS Access files. Medium
Product Manifest bundle-symbolicname com.healthmarketscience.jackcess.encrypt Medium
Product file name jackcess-encrypt High
Product pom groupid healthmarketscience.jackcess Low
Product pom parent-artifactid openhms-parent Medium
Product gradle artifactid jackcess-encrypt Highest
Product pom description An add-on to the Jackcess library for handling encryption in MS Access files. Medium
Product pom parent-groupid com.healthmarketscience Low
Product central artifactid jackcess-encrypt Highest
Product pom name Jackcess Encrypt High
Product pom url http://jackcessencrypt.sf.net Medium
Version file version 2.1.2 Highest
Version central version 2.1.2 Highest
Version pom version 2.1.2 Highest
jmatio-1.2.jar
Description: Matlab's MAT-file I/O API in JAVA. Supports Matlab 5 MAT-flie format reading and writing. Written in pure JAVA.
License:
BSD: http://www.linfo.org/bsdlicense.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.tallison\jmatio\1.2\69d8f2f49c1503f9b15b0eb50b1905a734a025e2\jmatio-1.2.jar
MD5: 237ce61a21ae9570ee5754fb5a54c57e
SHA1: 69d8f2f49c1503f9b15b0eb50b1905a734a025e2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name jmatio High
Vendor jar package name types Low
Vendor pom artifactid jmatio Low
Vendor pom name JMatIO High
Vendor jar package name jmatio Low
Vendor gradle groupid org.tallison Highest
Vendor pom url tballison/jmatio Highest
Vendor pom groupid tallison Highest
Vendor pom description Matlab's MAT-file I/O API in JAVA. Supports Matlab 5 MAT-flie format reading and writing. Written in pure JAVA. Low
Vendor central groupid org.tallison Highest
Product file name jmatio High
Product jar package name types Low
Product pom name JMatIO High
Product central artifactid jmatio Highest
Product pom artifactid jmatio Highest
Product pom description Matlab's MAT-file I/O API in JAVA. Supports Matlab 5 MAT-flie format reading and writing. Written in pure JAVA. Low
Product gradle artifactid jmatio Highest
Product pom groupid tallison Low
Product pom url tballison/jmatio High
Version central version 1.2 Highest
Version file version 1.2 Highest
Version pom version 1.2 Highest
apache-mime4j-core-0.8.1.jar
Description: Java stream based MIME message parser
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.james\apache-mime4j-core\0.8.1\c62dfe18a3b827a2c626ade0ffba44562ddf3f61\apache-mime4j-core-0.8.1.jar
MD5: d675e31f6dbfb2b4d3c0df666b594cec
SHA1: c62dfe18a3b827a2c626ade0ffba44562ddf3f61
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.james Highest
Vendor Manifest Implementation-Vendor-Id org.apache.james Medium
Vendor file name apache-mime4j-core High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom artifactid apache-mime4j-core Low
Vendor gradle groupid org.apache.james Highest
Vendor pom parent-artifactid apache-mime4j-project Low
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom name Apache James :: Mime4j :: Core High
Vendor manifest Bundle-Description Java stream based MIME message parser Medium
Vendor pom groupid apache.james Highest
Vendor Manifest bundle-symbolicname org.apache.james.apache-mime4j-core Medium
Vendor pom parent-groupid org.apache.james Medium
Product central artifactid apache-mime4j-core Highest
Product file name apache-mime4j-core High
Product pom parent-artifactid apache-mime4j-project Medium
Product Manifest specification-title Apache James :: Mime4j :: Core Medium
Product Manifest bundle-docurl https://www.apache.org/ Low
Product pom name Apache James :: Mime4j :: Core High
Product manifest Bundle-Description Java stream based MIME message parser Medium
Product gradle artifactid apache-mime4j-core Highest
Product Manifest Bundle-Name Apache James :: Mime4j :: Core Medium
Product pom groupid apache.james Low
Product Manifest bundle-symbolicname org.apache.james.apache-mime4j-core Medium
Product pom artifactid apache-mime4j-core Highest
Product Manifest Implementation-Title Apache James :: Mime4j :: Core High
Product pom parent-groupid org.apache.james Low
Version file version 0.8.1 Highest
Version central version 0.8.1 Highest
Version Manifest Implementation-Version 0.8.1 High
Version pom version 0.8.1 Highest
apache-mime4j-dom-0.8.1.jar
Description: Java MIME Document Object Model
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.james\apache-mime4j-dom\0.8.1\f2d653c617004193f3350330d907f77b60c88c56\apache-mime4j-dom-0.8.1.jar
MD5: 891730030753fea16f1f8a8776db0c51
SHA1: f2d653c617004193f3350330d907f77b60c88c56
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.james Highest
Vendor Manifest Implementation-Vendor-Id org.apache.james Medium
Vendor Manifest bundle-symbolicname org.apache.james.apache-mime4j-dom Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor manifest Bundle-Description Java MIME Document Object Model Medium
Vendor gradle groupid org.apache.james Highest
Vendor pom parent-artifactid apache-mime4j-project Low
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor file name apache-mime4j-dom High
Vendor pom groupid apache.james Highest
Vendor pom artifactid apache-mime4j-dom Low
Vendor pom name Apache James :: Mime4j :: DOM High
Vendor pom description Java MIME Document Object Model Medium
Vendor pom parent-groupid org.apache.james Medium
Product Manifest Bundle-Name Apache James :: Mime4j :: DOM Medium
Product Manifest Implementation-Title Apache James :: Mime4j :: DOM High
Product gradle artifactid apache-mime4j-dom Highest
Product Manifest bundle-symbolicname org.apache.james.apache-mime4j-dom Medium
Product manifest Bundle-Description Java MIME Document Object Model Medium
Product pom parent-artifactid apache-mime4j-project Medium
Product central artifactid apache-mime4j-dom Highest
Product Manifest bundle-docurl https://www.apache.org/ Low
Product file name apache-mime4j-dom High
Product Manifest specification-title Apache James :: Mime4j :: DOM Medium
Product pom artifactid apache-mime4j-dom Highest
Product pom groupid apache.james Low
Product pom name Apache James :: Mime4j :: DOM High
Product pom description Java MIME Document Object Model Medium
Product pom parent-groupid org.apache.james Low
Version file version 0.8.1 Highest
Version central version 0.8.1 Highest
Version Manifest Implementation-Version 0.8.1 High
Version pom version 0.8.1 Highest
commons-compress-1.14.jar
Description:
Apache Commons Compress software defines an API for working with
compression and archive formats. These include: bzip2, gzip, pack200,
lzma, xz, Snappy, traditional Unix Compress, DEFLATE, LZ4, Brotli and ar, cpio,
jar, tar, zip, dump, 7z, arj.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-compress\1.14\7b18320d668ab080758bf5383d6d8fcf750babce\commons-compress-1.14.jar
MD5: 6dbbb8b86e98bde1f240ea475cf829fb
SHA1: 7b18320d668ab080758bf5383d6d8fcf750babce
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, LZ4, Brotli and ar, cpio, jar, tar, zip, dump, 7z, arj. Low
Vendor Manifest implementation-url http://commons.apache.org/proper/commons-compress/ Low
Vendor pom artifactid commons-compress Low
Vendor file name commons-compress High
Vendor Manifest bundle-symbolicname org.apache.commons.compress Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom name Apache Commons Compress High
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom groupid apache.commons Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom url http://commons.apache.org/proper/commons-compress/ Highest
Vendor manifest Bundle-Description Apache Commons Compress software defines an API for working withcompression and archive formats. These include: bzip2, gzip, pack200,lzma, xz, Snappy, traditional Unix Compress, DEFLATE, LZ4, Brotli and ar, cpio,jar, tar, zip, dump, 7z, arj. Low
Vendor central groupid org.apache.commons Highest
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-compress/ Low
Vendor pom parent-artifactid commons-parent Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor Manifest implementation-build UNKNOWN@rdd7c7702bf51886aa8bd88b24d98619f310fbeda; 2017-05-11 21:08:28+0200 Low
Vendor gradle groupid org.apache.commons Highest
Vendor Manifest extension-name org.apache.commons.compress Medium
Product gradle artifactid commons-compress Highest
Product pom description Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, LZ4, Brotli and ar, cpio, jar, tar, zip, dump, 7z, arj. Low
Product Manifest implementation-url http://commons.apache.org/proper/commons-compress/ Low
Product pom parent-groupid org.apache.commons Low
Product file name commons-compress High
Product Manifest bundle-symbolicname org.apache.commons.compress Medium
Product pom name Apache Commons Compress High
Product pom url http://commons.apache.org/proper/commons-compress/ Medium
Product manifest Bundle-Description Apache Commons Compress software defines an API for working withcompression and archive formats. These include: bzip2, gzip, pack200,lzma, xz, Snappy, traditional Unix Compress, DEFLATE, LZ4, Brotli and ar, cpio,jar, tar, zip, dump, 7z, arj. Low
Product Manifest Bundle-Name Apache Commons Compress Medium
Product pom parent-artifactid commons-parent Medium
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-compress/ Low
Product pom artifactid commons-compress Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom groupid apache.commons Low
Product Manifest implementation-build UNKNOWN@rdd7c7702bf51886aa8bd88b24d98619f310fbeda; 2017-05-11 21:08:28+0200 Low
Product central artifactid commons-compress Highest
Product Manifest extension-name org.apache.commons.compress Medium
Product Manifest Implementation-Title Apache Commons Compress High
Product Manifest specification-title Apache Commons Compress Medium
Version central version 1.14 Highest
Version file version 1.14 Highest
Version Manifest Implementation-Version 1.14 High
Version pom version 1.14 Highest
xz-1.6.jar
Description: XZ data compression
License:
Public Domain
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.tukaani\xz\1.6\5b6f921f1810bdf90e25471968f741f87168b64\xz-1.6.jar
MD5: f1bd86b27cb86528aadc973dcd60f6ca
SHA1: 05b6f921f1810bdf90e25471968f741f87168b64
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.tukaani Highest
Vendor pom name XZ for Java High
Vendor Manifest bundle-symbolicname org.tukaani.xz Medium
Vendor Manifest implementation-url http://tukaani.org/xz/java.html Low
Vendor pom groupid tukaani Highest
Vendor pom url http://tukaani.org/xz/java.html Highest
Vendor jar package name tukaani Low
Vendor pom description XZ data compression Medium
Vendor file name xz High
Vendor Manifest bundle-docurl http://tukaani.org/xz/java.html Low
Vendor jar package name xz Low
Vendor gradle groupid org.tukaani Highest
Vendor pom artifactid xz Low
Product pom url http://tukaani.org/xz/java.html Medium
Product pom name XZ for Java High
Product pom artifactid xz Highest
Product Manifest bundle-symbolicname org.tukaani.xz Medium
Product Manifest implementation-url http://tukaani.org/xz/java.html Low
Product central artifactid xz Highest
Product pom description XZ data compression Medium
Product file name xz High
Product Manifest Implementation-Title XZ data compression High
Product Manifest bundle-docurl http://tukaani.org/xz/java.html Low
Product jar package name xz Low
Product gradle artifactid xz Highest
Product Manifest Bundle-Name XZ data compression Medium
Product pom groupid tukaani Low
Version file version 1.6 Highest
Version Manifest Implementation-Version 1.6 High
Version central version 1.6 Highest
Version pom version 1.6 Highest
cpe: cpe:/a:tukaani:xz:1.6
Confidence :Low
maven: org.tukaani:xz:1.6 ✓
Confidence :Highest
Published Vulnerabilities
CVE-2015-4035
Severity:
Medium
CVSS Score: 4.6
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.
Vulnerable Software & Versions:
pdfbox-2.0.6.jar
Description:
The Apache PDFBox library is an open source Java tool for working with PDF documents.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\pdfbox\2.0.6\68616a583c5f9b9ba72140364d15a07cd937ce0e\pdfbox-2.0.6.jar
MD5: 65dadb46a0185e4d644104444abb8ff4
SHA1: 68616a583c5f9b9ba72140364d15a07cd937ce0e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Apache PDFBox High
Vendor pom parent-groupid org.apache.pdfbox Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.pdfbox Highest
Vendor Manifest bundle-docurl http://pdfbox.apache.org Low
Vendor Manifest Implementation-Vendor-Id org.apache.pdfbox Medium
Vendor Manifest bundle-symbolicname org.apache.pdfbox Medium
Vendor central groupid org.apache.pdfbox Highest
Vendor pom parent-artifactid pdfbox-parent Low
Vendor file name pdfbox High
Vendor manifest Bundle-Description The Apache PDFBox library is an open source Java tool for working with PDF documents. Medium
Vendor pom groupid apache.pdfbox Highest
Vendor pom artifactid pdfbox Low
Vendor pom description The Apache PDFBox library is an open source Java tool for working with PDF documents. Medium
Product pom parent-groupid org.apache.pdfbox Low
Product pom name Apache PDFBox High
Product Manifest specification-title Apache PDFBox Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product gradle artifactid pdfbox Highest
Product Manifest Implementation-Title Apache PDFBox High
Product Manifest Bundle-Name Apache PDFBox Medium
Product Manifest bundle-docurl http://pdfbox.apache.org Low
Product Manifest bundle-symbolicname org.apache.pdfbox Medium
Product central artifactid pdfbox Highest
Product pom groupid apache.pdfbox Low
Product file name pdfbox High
Product pom artifactid pdfbox Highest
Product pom parent-artifactid pdfbox-parent Medium
Product manifest Bundle-Description The Apache PDFBox library is an open source Java tool for working with PDF documents. Medium
Product pom description The Apache PDFBox library is an open source Java tool for working with PDF documents. Medium
Version pom version 2.0.6 Highest
Version Manifest Implementation-Version 2.0.6 High
Version file version 2.0.6 Highest
Version central version 2.0.6 Highest
pdfbox-tools-2.0.6.jar
Description:
The Apache PDFBox library is an open source Java tool for working with PDF documents.
This artefact contains commandline tools using Apache PDFBox.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\pdfbox-tools\2.0.6\3b0c2622015c048a29496291cfe44f235f5c7cdf\pdfbox-tools-2.0.6.jar
MD5: 06e926f45d7a339b3b504d84fbc51fb5
SHA1: 3b0c2622015c048a29496291cfe44f235f5c7cdf
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.pdfbox Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom name Apache PDFBox tools High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.pdfbox Highest
Vendor Manifest Implementation-Vendor-Id org.apache.pdfbox Medium
Vendor central groupid org.apache.pdfbox Highest
Vendor pom parent-artifactid pdfbox-parent Low
Vendor pom artifactid pdfbox-tools Low
Vendor file name pdfbox-tools High
Vendor pom groupid apache.pdfbox Highest
Vendor pom description The Apache PDFBox library is an open source Java tool for working with PDF documents. This artefact contains commandline tools using Apache PDFBox. Low
Product pom parent-groupid org.apache.pdfbox Low
Product Manifest Implementation-Title Apache PDFBox tools High
Product pom groupid apache.pdfbox Low
Product central artifactid pdfbox-tools Highest
Product Manifest specification-title Apache PDFBox tools Medium
Product pom parent-artifactid pdfbox-parent Medium
Product pom artifactid pdfbox-tools Highest
Product pom name Apache PDFBox tools High
Product file name pdfbox-tools High
Product gradle artifactid pdfbox-tools Highest
Product pom description The Apache PDFBox library is an open source Java tool for working with PDF documents. This artefact contains commandline tools using Apache PDFBox. Low
Version pom version 2.0.6 Highest
Version Manifest Implementation-Version 2.0.6 High
Version file version 2.0.6 Highest
Version central version 2.0.6 Highest
jempbox-1.8.13.jar
Description:
The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM)
specification. JempBox is a subproject of Apache PDFBox.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\jempbox\1.8.13\a874cef0ed0e2a8c4cc5ed52c23ba3e6d78eca4e\jempbox-1.8.13.jar
MD5: 449968f1151d4a9ce2e8a71f8e2622cf
SHA1: a874cef0ed0e2a8c4cc5ed52c23ba3e6d78eca4e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.pdfbox Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest bundle-symbolicname org.apache.pdfbox.jempbox Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.pdfbox Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor Manifest bundle-docurl http://pdfbox.apache.org Low
Vendor Manifest Implementation-Vendor-Id org.apache.pdfbox Medium
Vendor central groupid org.apache.pdfbox Highest
Vendor manifest Bundle-Description The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. Low
Vendor pom parent-artifactid pdfbox-parent Low
Vendor pom name Apache JempBox High
Vendor pom description The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. Low
Vendor pom artifactid jempbox Low
Vendor pom groupid apache.pdfbox Highest
Vendor file name jempbox High
Product pom parent-groupid org.apache.pdfbox Low
Product Manifest bundle-symbolicname org.apache.pdfbox.jempbox Medium
Product pom artifactid jempbox Highest
Product central artifactid jempbox Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product Manifest bundle-docurl http://pdfbox.apache.org Low
Product Manifest Implementation-Title Apache JempBox High
Product pom groupid apache.pdfbox Low
Product manifest Bundle-Description The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. Low
Product pom name Apache JempBox High
Product Manifest Bundle-Name Apache JempBox Medium
Product gradle artifactid jempbox Highest
Product pom parent-artifactid pdfbox-parent Medium
Product pom description The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. Low
Product Manifest specification-title Apache JempBox Medium
Product file name jempbox High
Version file version 1.8.13 Highest
Version Manifest Implementation-Version 1.8.13 High
Version pom version 1.8.13 Highest
Version central version 1.8.13 Highest
bcmail-jdk15on-1.54.jar
Description: The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.bouncycastle\bcmail-jdk15on\1.54\9d9b5432b4b29ef4a853223bc6e19379ef116cca\bcmail-jdk15on-1.54.jar
MD5: 6ae65fb53cf2112141aa050b465d4b92
SHA1: 9d9b5432b4b29ef4a853223bc6e19379ef116cca
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest originally-created-by 24.91-b01 (Oracle Corporation) Low
Vendor Manifest caller-allowable-codebase * Low
Vendor jar package name smime Low
Vendor Manifest bundle-symbolicname bcmail Medium
Vendor pom url http://www.bouncycastle.org/java.html Highest
Vendor pom artifactid bcmail-jdk15on Low
Vendor file name bcmail-jdk15on High
Vendor Manifest application-library-allowable-codebase * Low
Vendor Manifest specification-vendor BouncyCastle.org Low
Vendor gradle groupid org.bouncycastle Highest
Vendor jar package name bouncycastle Low
Vendor Manifest extension-name org.bouncycastle.bcmail Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8, JavaSE-1.9 Low
Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium
Vendor central groupid org.bouncycastle Highest
Vendor jar package name mail Low
Vendor Manifest permissions all-permissions Low
Vendor Manifest application-name Bouncy Castle S/MIME API Medium
Vendor pom groupid bouncycastle Highest
Vendor Manifest Implementation-Vendor BouncyCastle.org High
Vendor pom name Bouncy Castle S/MIME API High
Vendor Manifest codebase * Low
Vendor pom description The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider ... Low
Product Manifest Bundle-Name bcmail Medium
Product Manifest originally-created-by 24.91-b01 (Oracle Corporation) Low
Product Manifest caller-allowable-codebase * Low
Product jar package name smime Low
Product pom groupid bouncycastle Low
Product gradle artifactid bcmail-jdk15on Highest
Product Manifest bundle-symbolicname bcmail Medium
Product file name bcmail-jdk15on High
Product Manifest application-library-allowable-codebase * Low
Product Manifest extension-name org.bouncycastle.bcmail Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8, JavaSE-1.9 Low
Product jar package name mail Low
Product Manifest permissions all-permissions Low
Product Manifest application-name Bouncy Castle S/MIME API Medium
Product central artifactid bcmail-jdk15on Highest
Product pom url http://www.bouncycastle.org/java.html Medium
Product pom artifactid bcmail-jdk15on Highest
Product pom name Bouncy Castle S/MIME API High
Product Manifest codebase * Low
Product pom description The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider ... Low
Version pom version 1.54 Highest
Version Manifest Implementation-Version 1.54.0 High
Version file version 1.54 Highest
Version central version 1.54 Highest
bcprov-jdk15on-1.54.jar
Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.bouncycastle\bcprov-jdk15on\1.54\1acdedeb89f1d950d67b73d481eb7736df65eedb\bcprov-jdk15on-1.54.jar
MD5: 66a9905f98513cc5e53eabcc9af3c0fb
SHA1: 1acdedeb89f1d950d67b73d481eb7736df65eedb
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest originally-created-by 24.91-b01 (Oracle Corporation) Low
Vendor file name bcprov-jdk15on High
Vendor Manifest caller-allowable-codebase * Low
Vendor pom artifactid bcprov-jdk15on Low
Vendor pom url http://www.bouncycastle.org/java.html Highest
Vendor pom name Bouncy Castle Provider High
Vendor Manifest application-library-allowable-codebase * Low
Vendor Manifest specification-vendor BouncyCastle.org Low
Vendor gradle groupid org.bouncycastle Highest
Vendor Manifest application-name Bouncy Castle Provider Medium
Vendor jar package name bouncycastle Low
Vendor Manifest extension-name org.bouncycastle.bcprovider Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8, JavaSE-1.9 Low
Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium
Vendor central groupid org.bouncycastle Highest
Vendor Manifest permissions all-permissions Low
Vendor pom groupid bouncycastle Highest
Vendor pom description The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8. Low
Vendor Manifest Implementation-Vendor BouncyCastle.org High
Vendor Manifest bundle-symbolicname bcprov Medium
Vendor Manifest codebase * Low
Product Manifest originally-created-by 24.91-b01 (Oracle Corporation) Low
Product file name bcprov-jdk15on High
Product Manifest caller-allowable-codebase * Low
Product pom groupid bouncycastle Low
Product pom name Bouncy Castle Provider High
Product Manifest application-library-allowable-codebase * Low
Product Manifest application-name Bouncy Castle Provider Medium
Product Manifest Bundle-Name bcprov Medium
Product Manifest extension-name org.bouncycastle.bcprovider Medium
Product gradle artifactid bcprov-jdk15on Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8, JavaSE-1.9 Low
Product Manifest permissions all-permissions Low
Product pom url http://www.bouncycastle.org/java.html Medium
Product pom description The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8. Low
Product central artifactid bcprov-jdk15on Highest
Product Manifest bundle-symbolicname bcprov Medium
Product Manifest codebase * Low
Product pom artifactid bcprov-jdk15on Highest
Version pom version 1.54 Highest
Version Manifest Implementation-Version 1.54.0 High
Version file version 1.54 Highest
Version central version 1.54 Highest
cpe: cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.54
Confidence :Low
maven: org.bouncycastle:bcprov-jdk15on:1.54 ✓
Confidence :Highest
cpe: cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.54
Confidence :Low
poi-scratchpad-3.17-beta1.jar
Description: Apache POI - Java API To Access Microsoft Format Files
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-scratchpad\3.17-beta1\d4ad39b023c377ec534ab25205344eb79da4996b\poi-scratchpad-3.17-beta1.jar
MD5: 78d476ac08be52002b3b2fc2d5890d89
SHA1: d4ad39b023c377ec534ab25205344eb79da4996b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.poi Highest
Vendor jar package name apache Low
Vendor pom description Apache POI - Java API To Access Microsoft Format Files Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom artifactid poi-scratchpad Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor central groupid org.apache.poi Highest
Vendor pom organization url http://www.apache.org/ Medium
Vendor Manifest Implementation-Vendor-Id org.apache.poi Medium
Vendor pom organization name Apache Software Foundation High
Vendor pom url http://poi.apache.org/ Highest
Vendor pom groupid apache.poi Highest
Vendor pom name Apache POI High
Vendor file name poi-scratchpad High
Vendor jar package name poi Low
Product pom groupid apache.poi Low
Product pom description Apache POI - Java API To Access Microsoft Format Files Medium
Product pom artifactid poi-scratchpad Highest
Product Manifest Implementation-Title Apache POI High
Product Manifest specification-title Apache POI Medium
Product pom organization url http://www.apache.org/ Low
Product central artifactid poi-scratchpad Highest
Product pom name Apache POI High
Product file name poi-scratchpad High
Product pom organization name Apache Software Foundation Low
Product pom url http://poi.apache.org/ Medium
Product gradle artifactid poi-scratchpad Highest
Product jar package name poi Low
Version Manifest Implementation-Version 3.17-beta1 High
Version pom version 3.17-beta1 Highest
Version central version 3.17-beta1 Highest
poi-ooxml-3.17-beta1.jar
Description: Apache POI - Java API To Access Microsoft Format Files
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-ooxml\3.17-beta1\96f537614c5f5ec232fb8832313280dcb93c59ab\poi-ooxml-3.17-beta1.jar
MD5: 6dad7f7ff6f538098ee1ac741aadaebd
SHA1: 96f537614c5f5ec232fb8832313280dcb93c59ab
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.poi Highest
Vendor jar package name apache Low
Vendor pom artifactid poi-ooxml Low
Vendor pom description Apache POI - Java API To Access Microsoft Format Files Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor central groupid org.apache.poi Highest
Vendor pom organization url http://www.apache.org/ Medium
Vendor Manifest Implementation-Vendor-Id org.apache.poi Medium
Vendor pom organization name Apache Software Foundation High
Vendor pom url http://poi.apache.org/ Highest
Vendor pom groupid apache.poi Highest
Vendor pom name Apache POI High
Vendor jar package name poi Low
Vendor file name poi-ooxml High
Product pom groupid apache.poi Low
Product pom description Apache POI - Java API To Access Microsoft Format Files Medium
Product jar package name usermodel Low
Product central artifactid poi-ooxml Highest
Product Manifest Implementation-Title Apache POI High
Product Manifest specification-title Apache POI Medium
Product pom artifactid poi-ooxml Highest
Product pom organization url http://www.apache.org/ Low
Product pom name Apache POI High
Product pom organization name Apache Software Foundation Low
Product pom url http://poi.apache.org/ Medium
Product gradle artifactid poi-ooxml Highest
Product jar package name poi Low
Product file name poi-ooxml High
Version Manifest Implementation-Version 3.17-beta1 High
Version pom version 3.17-beta1 Highest
Version central version 3.17-beta1 Highest
tagsoup-1.2.1.jar
Description: TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML.
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.ccil.cowan.tagsoup\tagsoup\1.2.1\5584627487e984c03456266d3f8802eb85a9ce97\tagsoup-1.2.1.jar
MD5: ae73a52cdcbec10cd61d9ef22fab5936
SHA1: 5584627487e984c03456266d3f8802eb85a9ce97
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid tagsoup Low
Vendor jar package name cowan Low
Vendor central groupid org.ccil.cowan.tagsoup Highest
Vendor jar package name tagsoup Low
Vendor jar package name ccil Low
Vendor pom description TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML. Low
Vendor gradle groupid org.ccil.cowan.tagsoup Highest
Vendor pom groupid ccil.cowan.tagsoup Highest
Vendor pom name TagSoup High
Vendor file name tagsoup High
Vendor pom url http://home.ccil.org/~cowan/XML/tagsoup/ Highest
Product pom artifactid tagsoup Highest
Product gradle artifactid tagsoup Highest
Product jar package name cowan Low
Product jar package name tagsoup Low
Product pom description TagSoup is a SAX-compliant parser written in Java that, instead of parsing well-formed or valid XML, parses HTML as it is found in the wild: poor, nasty and brutish, though quite often far from short. TagSoup is designed for people who have to process this stuff using some semblance of a rational application design. By providing a SAX interface, it allows standard XML tools to be applied to even the worst HTML. TagSoup also includes a command-line processor that reads HTML files and can generate either clean HTML or well-formed XML that is a close approximation to XHTML. Low
Product pom groupid ccil.cowan.tagsoup Low
Product pom url http://home.ccil.org/~cowan/XML/tagsoup/ Medium
Product pom name TagSoup High
Product central artifactid tagsoup Highest
Product file name tagsoup High
Version pom version 1.2.1 Highest
Version central version 1.2.1 Highest
Version file version 1.2.1 Highest
isoparser-1.1.18.jar
Description: A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...)
License:
Apache Software License - Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.mp4parser\isoparser\1.1.18\c74bdac64b22f1e245a7657149a43437aae4a9d3\isoparser-1.1.18.jar
MD5: e2902a2f427f2d6bf6b245f9b100feed
SHA1: c74bdac64b22f1e245a7657149a43437aae4a9d3
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid com.googlecode.mp4parser Highest
Vendor pom url http://code.google.com/p/mp4parser/ Highest
Vendor gradle groupid com.googlecode.mp4parser Highest
Vendor pom name ISO Parser High
Vendor file name isoparser High
Vendor pom description A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...) Medium
Vendor jar package name mp4parser Low
Vendor pom groupid googlecode.mp4parser Highest
Vendor pom artifactid isoparser Low
Product pom artifactid isoparser Highest
Product gradle artifactid isoparser Highest
Product pom name ISO Parser High
Product pom groupid googlecode.mp4parser Low
Product file name isoparser High
Product central artifactid isoparser Highest
Product pom description A generic parser and writer for all ISO 14496 based files (MP4, Quicktime, DCF, PDCF, ...) Medium
Product pom url http://code.google.com/p/mp4parser/ Medium
Version pom version 1.1.18 Highest
Version file version 1.1.18 Highest
Version central version 1.1.18 Highest
metadata-extractor-2.9.1.jar
Description: Java library for extracting EXIF, IPTC, XMP, ICC and other metadata from image files.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.drewnoakes\metadata-extractor\2.9.1\53fdf22be10c9d426ec63431c7342895bc642261\metadata-extractor-2.9.1.jar
MD5: 2ca081a3d5fc1bcfbb51cc11808a8b88
SHA1: 53fdf22be10c9d426ec63431c7342895bc642261
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid com.drewnoakes Highest
Vendor pom groupid drewnoakes Highest
Vendor pom name ${project.groupId}:${project.artifactId} High
Vendor Manifest Implementation-Vendor Drew Noakes High
Vendor pom description Java library for extracting EXIF, IPTC, XMP, ICC and other metadata from image files. Medium
Vendor central groupid com.drewnoakes Highest
Vendor pom url https://drewnoakes.com/code/exif/ Highest
Vendor file name metadata-extractor High
Vendor pom artifactid metadata-extractor Low
Product central artifactid metadata-extractor Highest
Product pom name ${project.groupId}:${project.artifactId} High
Product pom url https://drewnoakes.com/code/exif/ Medium
Product gradle artifactid metadata-extractor Highest
Product pom artifactid metadata-extractor Highest
Product pom description Java library for extracting EXIF, IPTC, XMP, ICC and other metadata from image files. Medium
Product file name metadata-extractor High
Product Manifest Implementation-Title metadata-extractor High
Product pom groupid drewnoakes Low
Version Manifest Implementation-Version 2.9.1 High
Version pom version 2.9.1 Highest
Version central version 2.9.1 Highest
Version file version 2.9.1 Highest
boilerpipe-1.1.0.jar
Description: The boilerpipe library provides algorithms to detect and remove the surplus "clutter" (boilerplate, templates) around the main textual content of a web page.
The library already provides specific strategies for common tasks (for example: news article extraction) and may also be easily extended for individual problem settings.
Extracting content is very fast (milliseconds), just needs the input document (no global or site-level information required) and is usually quite accurate.
Boilerpipe is a Java library written by Christian Kohlschütter. It is released under the Apache License 2.0.
The algorithms used by the library are based on (and extending) some concepts of the paper "Boilerplate Detection using Shallow Text Features" by Christian Kohlschütter et al., presented at WSDM 2010 -- The Third ACM International Conference on Web Search and Data Mining New York City, NY USA.
License:
Apache License 2.0
File Path: Z:\Gradle\caches\modules-2\files-2.1\de.l3s.boilerpipe\boilerpipe\1.1.0\f62cb75ed52455a9e68d1d05b84c500673340eb2\boilerpipe-1.1.0.jar
MD5: 0616568083786d0f49e2cb07a5d09fe4
SHA1: f62cb75ed52455a9e68d1d05b84c500673340eb2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid de.l3s.boilerpipe Highest
Vendor jar package name boilerpipe Low
Vendor pom groupid de.l3s.boilerpipe Highest
Vendor file name boilerpipe High
Vendor pom artifactid boilerpipe Low
Vendor jar package name de Low
Vendor jar package name l3s Low
Vendor central groupid de.l3s.boilerpipe Highest
Vendor pom url http://code.google.com/p/boilerpipe/ Highest
Vendor pom description The boilerpipe library provides algorithms to detect and remove the surplus "clutter" (boilerplate, templates) around the main textual content of a web page. The library already provides specific strategies for common tasks (for example: news article extraction) and may also be easily extended for individual problem settings. Extracting content is very fast (milliseconds), just needs the input document (no global or site-level information required) and is usually quite accurate. Boilerpipe is a Java library written by Christian Kohlschütter. It is released under the Apache License 2.0. The algorithms used by the library are based on (and extending) some concepts of the paper "Boilerplate Detection using Shallow Text Features" by Christian Kohlschütter et al., presented at WSDM 2010 -- The Third ACM International Conference on Web Search and Data Mining New York City, NY USA. Low
Vendor pom name Boilerpipe -- Boilerplate Removal and Fulltext Extraction from HTML pages High
Product jar package name boilerpipe Low
Product pom url http://code.google.com/p/boilerpipe/ Medium
Product file name boilerpipe High
Product pom groupid de.l3s.boilerpipe Low
Product pom artifactid boilerpipe Highest
Product jar package name l3s Low
Product central artifactid boilerpipe Highest
Product gradle artifactid boilerpipe Highest
Product pom description The boilerpipe library provides algorithms to detect and remove the surplus "clutter" (boilerplate, templates) around the main textual content of a web page. The library already provides specific strategies for common tasks (for example: news article extraction) and may also be easily extended for individual problem settings. Extracting content is very fast (milliseconds), just needs the input document (no global or site-level information required) and is usually quite accurate. Boilerpipe is a Java library written by Christian Kohlschütter. It is released under the Apache License 2.0. The algorithms used by the library are based on (and extending) some concepts of the paper "Boilerplate Detection using Shallow Text Features" by Christian Kohlschütter et al., presented at WSDM 2010 -- The Third ACM International Conference on Web Search and Data Mining New York City, NY USA. Low
Product pom name Boilerpipe -- Boilerplate Removal and Fulltext Extraction from HTML pages High
Version pom version 1.1.0 Highest
Version file version 1.1.0 Highest
Version central version 1.1.0 Highest
rome-1.5.1.jar
Description: All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it
easy to work in Java with most syndication formats. Today it accepts all flavors of RSS
(0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes
a set of parsers and generators for the various flavors of feeds, as well as converters
to convert from one format to another. The parsers can give you back Java objects that
are either specific for the format you want to work with, or a generic normalized
SyndFeed object that lets you work on with the data without bothering about the
underlying format.
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.rometools\rome\1.5.1\cc3489f066749bede7fc81f4e80c0d8c9534a210\rome-1.5.1.jar
MD5: 07039d4b871513942d0495311947275f
SHA1: cc3489f066749bede7fc81f4e80c0d8c9534a210
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id com.rometools Medium
Vendor pom url http://rometools.github.io/rome/ Highest
Vendor pom artifactid rome Low
Vendor file name rome High
Vendor pom parent-groupid com.rometools Medium
Vendor gradle groupid com.rometools Highest
Vendor pom groupid rometools Highest
Vendor pom parent-artifactid rome-parent Low
Vendor pom name rome High
Vendor central groupid com.rometools Highest
Vendor pom description All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format. Low
Product pom artifactid rome Highest
Product Manifest specification-title rome Medium
Product Manifest Implementation-Title rome High
Product pom url http://rometools.github.io/rome/ Medium
Product pom parent-groupid com.rometools Low
Product gradle artifactid rome Highest
Product file name rome High
Product pom parent-artifactid rome-parent Medium
Product pom groupid rometools Low
Product pom name rome High
Product central artifactid rome Highest
Product pom description All Roads Lead to ROME. ROME is a set of Atom/RSS Java utilities that make it easy to work in Java with most syndication formats. Today it accepts all flavors of RSS (0.90, 0.91, 0.92, 0.93, 0.94, 1.0 and 2.0), Atom 0.3 and Atom 1.0 feeds. Rome includes a set of parsers and generators for the various flavors of feeds, as well as converters to convert from one format to another. The parsers can give you back Java objects that are either specific for the format you want to work with, or a generic normalized SyndFeed object that lets you work on with the data without bothering about the underlying format. Low
Version file version 1.5.1 Highest
Version Manifest Implementation-Version 1.5.1 High
Version pom version 1.5.1 Highest
Version central version 1.5.1 Highest
vorbis-java-core-0.8.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.gagravarr\vorbis-java-core\0.8\7e9937c2575cda2e3fc116415117c74f23e43fa6\vorbis-java-core-0.8.jar
MD5: 71b623b57f56daf112bddb3337ee896d
SHA1: 7e9937c2575cda2e3fc116415117c74f23e43fa6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid vorbis-java-parent Low
Vendor pom parent-groupid org.gagravarr Medium
Vendor pom artifactid vorbis-java-core Low
Vendor gradle groupid org.gagravarr Highest
Vendor file name vorbis-java-core High
Vendor central groupid org.gagravarr Highest
Vendor pom name Ogg and Vorbis for Java, Core High
Vendor jar package name gagravarr Low
Vendor pom url Gagravarr/VorbisJava Highest
Vendor pom groupid gagravarr Highest
Product gradle artifactid vorbis-java-core Highest
Product pom groupid gagravarr Low
Product pom url Gagravarr/VorbisJava High
Product pom artifactid vorbis-java-core Highest
Product file name vorbis-java-core High
Product pom parent-groupid org.gagravarr Low
Product pom parent-artifactid vorbis-java-parent Medium
Product central artifactid vorbis-java-core Highest
Product pom name Ogg and Vorbis for Java, Core High
Version file version 0.8 Highest
Version central version 0.8 Highest
Version pom version 0.8 Highest
juniversalchardet-1.0.3.jar
Description: Java port of universalchardet
License:
Mozilla Public License 1.1 (MPL 1.1): http://www.mozilla.org/MPL/MPL-1.1.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.juniversalchardet\juniversalchardet\1.0.3\cd49678784c46aa8789c060538e0154013bb421b\juniversalchardet-1.0.3.jar
MD5: d9ea0a9a275336c175b343f2e4cd8f27
SHA1: cd49678784c46aa8789c060538e0154013bb421b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid com.googlecode.juniversalchardet Highest
Vendor pom url http://juniversalchardet.googlecode.com/ Highest
Vendor file name juniversalchardet High
Vendor jar package name universalchardet Low
Vendor pom name juniversalchardet High
Vendor pom artifactid juniversalchardet Low
Vendor gradle groupid com.googlecode.juniversalchardet Highest
Vendor pom description Java port of universalchardet Medium
Vendor jar package name mozilla Low
Vendor pom groupid googlecode.juniversalchardet Highest
Vendor jar package name prober Low
Product file name juniversalchardet High
Product pom groupid googlecode.juniversalchardet Low
Product jar package name universalchardet Low
Product central artifactid juniversalchardet Highest
Product pom name juniversalchardet High
Product gradle artifactid juniversalchardet Highest
Product pom artifactid juniversalchardet Highest
Product pom description Java port of universalchardet Medium
Product pom url http://juniversalchardet.googlecode.com/ Medium
Product jar package name prober Low
Version pom version 1.0.3 Highest
Version central version 1.0.3 Highest
Version file version 1.0.3 Highest
jhighlight-1.0.2.jar
Description:
JHighlight is an embeddable pure Java syntax highlighting
library that supports Java, HTML, XHTML, XML and LZX
languages and outputs to XHTML.
It also supports RIFE templates tags and highlights them
clearly so that you can easily identify the difference
between your RIFE markup and the actual marked up source.
License:
CDDL, v1.0: http://www.opensource.org/licenses/cddl1.php
LGPL, v2.1 or later: http://www.opensource.org/licenses/lgpl-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codelibs\jhighlight\1.0.2\992a8a8add10468930efc1f110f2895f68258a1e\jhighlight-1.0.2.jar
MD5: 867f23891848a72f1284ff3aaf18d94e
SHA1: 992a8a8add10468930efc1f110f2895f68258a1e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name uwyn Low
Vendor pom name JHighlight High
Vendor pom description JHighlight is an embeddable pure Java syntax highlighting library that supports Java, HTML, XHTML, XML and LZX languages and outputs to XHTML. It also supports RIFE templates tags and highlights them clearly so that you can easily identify the difference between your RIFE markup and the actual marked up source. Low
Vendor gradle groupid org.codelibs Highest
Vendor central groupid org.codelibs Highest
Vendor pom groupid codelibs Highest
Vendor pom artifactid jhighlight Low
Vendor pom url codelibs/jhighlight Highest
Vendor file name jhighlight High
Vendor jar package name jhighlight Low
Vendor jar package name fastutil Low
Product central artifactid jhighlight Highest
Product pom name JHighlight High
Product pom description JHighlight is an embeddable pure Java syntax highlighting library that supports Java, HTML, XHTML, XML and LZX languages and outputs to XHTML. It also supports RIFE templates tags and highlights them clearly so that you can easily identify the difference between your RIFE markup and the actual marked up source. Low
Product file name jhighlight High
Product pom url codelibs/jhighlight High
Product jar package name jhighlight Low
Product jar package name fastutil Low
Product pom artifactid jhighlight Highest
Product gradle artifactid jhighlight Highest
Product pom groupid codelibs Low
Version pom version 1.0.2 Highest
Version file version 1.0.2 Highest
Version central version 1.0.2 Highest
java-libpst-0.8.1.jar
Description: A library to read PST files with java, without need for external libraries.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.pff\java-libpst\0.8.1\ad31986653dac9cb5132ea5b2999c20b4b286255\java-libpst-0.8.1.jar
MD5: 6be27662e0b06154e5f05938937d16b7
SHA1: ad31986653dac9cb5132ea5b2999c20b4b286255
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom url https://code.google.com/p/java-libpst/ Highest
Vendor file name java-libpst High
Vendor jar package name pff Low
Vendor pom name java-libpst High
Vendor gradle groupid com.pff Highest
Vendor pom groupid pff Highest
Vendor pom description A library to read PST files with java, without need for external libraries. Medium
Vendor central groupid com.pff Highest
Vendor pom artifactid java-libpst Low
Product file name java-libpst High
Product pom artifactid java-libpst Highest
Product gradle artifactid java-libpst Highest
Product pom name java-libpst High
Product central artifactid java-libpst Highest
Product pom url https://code.google.com/p/java-libpst/ Medium
Product pom description A library to read PST files with java, without need for external libraries. Medium
Product pom groupid pff Low
Version file version 0.8.1 Highest
Version central version 0.8.1 Highest
Version pom version 0.8.1 Highest
junrar-0.7.jar
Description: rar decompression library in plain java
License:
UnRar License: https://raw.github.com/junrar/junrar/master/license.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.github.junrar\junrar\0.7\18cc717b85af0b12ba922abf415c2ff4716f8219\junrar-0.7.jar
MD5: 75a215b9e921044cd2c88e73f6cb9745
SHA1: 18cc717b85af0b12ba922abf415c2ff4716f8219
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name junrar High
Vendor pom url junrar/junrar Highest
Vendor pom name Java UnRar High
Vendor pom groupid github.junrar Highest
Vendor gradle groupid com.github.junrar Highest
Vendor pom description rar decompression library in plain java Medium
Vendor Manifest url https://github.com/junrar/junrar Low
Vendor pom artifactid junrar Low
Vendor central groupid com.github.junrar Highest
Product file name junrar High
Product pom name Java UnRar High
Product pom groupid github.junrar Low
Product gradle artifactid junrar Highest
Product pom url junrar/junrar High
Product pom artifactid junrar Highest
Product pom description rar decompression library in plain java Medium
Product Manifest url https://github.com/junrar/junrar Low
Product central artifactid junrar Highest
Version file version 0.7 Highest
Version central version 0.7 Highest
Version pom version 0.7 Highest
cxf-rt-rs-client-3.0.12.jar
Description: Apache CXF JAX-RS Client
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-rt-rs-client\3.0.12\af609cc16e80eb05e20c8bbf60da24416d9a9b9d\cxf-rt-rs-client-3.0.12.jar
MD5: f41dbc9bdefaa9b672595356df4affc4
SHA1: af609cc16e80eb05e20c8bbf60da24416d9a9b9d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.cxf Highest
Vendor Manifest export-service org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/jaxrs-client" Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor manifest Bundle-Description Apache CXF JAX-RS Client Medium
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest bundle-symbolicname org.apache.cxf.cxf-rt-rs-client Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-artifactid cxf-parent Low
Vendor central groupid org.apache.cxf Highest
Vendor Manifest bundle-docurl http://cxf.apache.org Low
Vendor pom name Apache CXF JAX-RS Client High
Vendor file name cxf-rt-rs-client High
Vendor pom parent-groupid org.apache.cxf Medium
Vendor pom description Apache CXF JAX-RS Client Medium
Vendor pom url http://cxf.apache.org Highest
Vendor pom artifactid cxf-rt-rs-client Low
Vendor pom groupid apache.cxf Highest
Product pom groupid apache.cxf Low
Product Manifest export-service org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/jaxrs-client" Low
Product pom artifactid cxf-rt-rs-client Highest
Product manifest Bundle-Description Apache CXF JAX-RS Client Medium
Product Manifest bundle-symbolicname org.apache.cxf.cxf-rt-rs-client Medium
Product pom url http://cxf.apache.org Medium
Product Manifest bundle-docurl http://cxf.apache.org Low
Product pom parent-artifactid cxf-parent Medium
Product pom name Apache CXF JAX-RS Client High
Product Manifest Bundle-Name Apache CXF JAX-RS Client Medium
Product central artifactid cxf-rt-rs-client Highest
Product file name cxf-rt-rs-client High
Product gradle artifactid cxf-rt-rs-client Highest
Product pom description Apache CXF JAX-RS Client Medium
Product pom parent-groupid org.apache.cxf Low
Version Manifest Implementation-Version 3.0.12 High
Version pom version 3.0.12 Highest
Version file version 3.0.12 Highest
Version central version 3.0.12 Highest
Published Vulnerabilities
CVE-2015-5253
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
CVE-2017-3156
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-361 Time and State
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.
CVE-2017-5653
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
CVE-2017-5656
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-384
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.
commons-exec-1.3.jar
Description: Apache Commons Exec is a library to reliably execute external processes from within the JVM.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-exec\1.3\8dfb9facd0830a27b1b5f29f84593f0aeee7773b\commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid commons-exec Low
Vendor file name commons-exec High
Vendor pom url http://commons.apache.org/proper/commons-exec/ Highest
Vendor manifest Bundle-Description Apache Commons Exec is a library to reliably execute external processes from within the JVM. Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-exec/ Low
Vendor pom groupid apache.commons Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom name Apache Commons Exec High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Vendor Manifest bundle-symbolicname org.apache.commons.exec Medium
Vendor central groupid org.apache.commons Highest
Vendor Manifest implementation-build trunk@r1636211; 2014-11-02 23:51:55+0000 Low
Vendor pom parent-artifactid commons-parent Low
Vendor pom description Apache Commons Exec is a library to reliably execute external processes from within the JVM. Medium
Vendor gradle groupid org.apache.commons Highest
Product pom parent-groupid org.apache.commons Low
Product file name commons-exec High
Product manifest Bundle-Description Apache Commons Exec is a library to reliably execute external processes from within the JVM. Medium
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-exec/ Low
Product pom name Apache Commons Exec High
Product pom url http://commons.apache.org/proper/commons-exec/ Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low
Product gradle artifactid commons-exec Highest
Product pom parent-artifactid commons-parent Medium
Product Manifest bundle-symbolicname org.apache.commons.exec Medium
Product Manifest Bundle-Name Apache Commons Exec Medium
Product Manifest implementation-build trunk@r1636211; 2014-11-02 23:51:55+0000 Low
Product Manifest Implementation-Title Apache Commons Exec High
Product pom description Apache Commons Exec is a library to reliably execute external processes from within the JVM. Medium
Product central artifactid commons-exec Highest
Product Manifest specification-title Apache Commons Exec Medium
Product pom groupid apache.commons Low
Product pom artifactid commons-exec Highest
Version pom version 1.3 Highest
Version file version 1.3 Highest
Version Manifest Implementation-Version 1.3 High
Version central version 1.3 Highest
opennlp-tools-1.6.0.jar
Description: The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.opennlp\opennlp-tools\1.6.0\e89fc5317497ee3ed0e6c48a72e4f280961a02b4\opennlp-tools-1.6.0.jar
MD5: c0e0b950af9575776fc97d6d37177af3
SHA1: e89fc5317497ee3ed0e6c48a72e4f280961a02b4
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom groupid apache.opennlp Highest
Vendor pom parent-groupid org.apache.opennlp Medium
Vendor Manifest bundle-docurl http://www.apache.org/ Low
Vendor manifest Bundle-Description The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users. Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Vendor pom parent-artifactid opennlp Low
Vendor pom name Apache OpenNLP Tools High
Vendor central groupid org.apache.opennlp Highest
Vendor Manifest Implementation-Vendor-Id org.apache.opennlp Medium
Vendor pom artifactid opennlp-tools Low
Vendor gradle groupid org.apache.opennlp Highest
Vendor file name opennlp-tools High
Vendor Manifest bundle-symbolicname org.apache.opennlp.tools Medium
Product pom artifactid opennlp-tools Highest
Product Manifest Bundle-Name Apache OpenNLP Tools Medium
Product central artifactid opennlp-tools Highest
Product Manifest Implementation-Title Apache OpenNLP Tools High
Product Manifest bundle-docurl http://www.apache.org/ Low
Product manifest Bundle-Description The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users. Low
Product pom parent-groupid org.apache.opennlp Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low
Product gradle artifactid opennlp-tools Highest
Product pom name Apache OpenNLP Tools High
Product Manifest specification-title Apache OpenNLP Tools Medium
Product pom parent-artifactid opennlp Medium
Product file name opennlp-tools High
Product Manifest bundle-symbolicname org.apache.opennlp.tools Medium
Product pom groupid apache.opennlp Low
Version file version 1.6.0 Highest
Version Manifest Implementation-Version 1.6.0 High
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2017-12620
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
When loading models or dictionaries that contain XML it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected.
json-simple-1.1.1.jar
Description: A simple Java toolkit for JSON
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.googlecode.json-simple\json-simple\1.1.1\c9ad4a0850ab676c5c64461a05ca524cdfff59f1\json-simple-1.1.1.jar
MD5: 5cc2c478d73e8454b4c369cee66c5bc7
SHA1: c9ad4a0850ab676c5c64461a05ca524cdfff59f1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description A simple Java toolkit for JSON Medium
Vendor pom name JSON.simple High
Vendor Manifest bundle-symbolicname com.googlecode.json-simple Medium
Vendor central groupid com.googlecode.json-simple Highest
Vendor pom groupid googlecode.json-simple Highest
Vendor pom artifactid json-simple Low
Vendor pom url http://code.google.com/p/json-simple/ Highest
Vendor file name json-simple High
Vendor pom description A simple Java toolkit for JSON Medium
Vendor gradle groupid com.googlecode.json-simple Highest
Product pom url http://code.google.com/p/json-simple/ Medium
Product manifest Bundle-Description A simple Java toolkit for JSON Medium
Product pom name JSON.simple High
Product central artifactid json-simple Highest
Product Manifest bundle-symbolicname com.googlecode.json-simple Medium
Product pom groupid googlecode.json-simple Low
Product gradle artifactid json-simple Highest
Product Manifest Bundle-Name JSON.simple Medium
Product file name json-simple High
Product pom description A simple Java toolkit for JSON Medium
Product pom artifactid json-simple Highest
Version pom version 1.1.1 Highest
Version file version 1.1.1 Highest
Version central version 1.1.1 Highest
json-1.8.jar
Description: A clean-room Apache-licensed implementation of simple JSON processing
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.tdunning\json\1.8\fa57d5adf557b226738cd42e6c093dd0a76c5fd4\json-1.8.jar
MD5: a89b66cf37063d0ee4f401193eb0ca2d
SHA1: fa57d5adf557b226738cd42e6c093dd0a76c5fd4
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid com.tdunning Highest
Vendor pom description A clean-room Apache-licensed implementation of simple JSON processing Medium
Vendor central groupid com.tdunning Highest
Vendor pom url tdunning/open-json Highest
Vendor pom groupid tdunning Highest
Vendor pom artifactid json Low
Vendor jar package name json Low
Vendor file name json High
Vendor pom name Open JSON High
Product pom description A clean-room Apache-licensed implementation of simple JSON processing Medium
Product central artifactid json Highest
Product gradle artifactid json Highest
Product pom artifactid json Highest
Product file name json High
Product pom groupid tdunning Low
Product pom url tdunning/open-json High
Product pom name Open JSON High
Version pom version 1.8 Highest
Version central version 1.8 Highest
Version file version 1.8 Highest
gson-2.8.1.jar
Description: Gson JSON library
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.code.gson\gson\2.8.1\2a8e0aa38a2e21cb39e2f5a7d6704cbdc941da0\gson-2.8.1.jar
MD5: 2c334d82c64b56ae59ea1bdcbb674303
SHA1: 02a8e0aa38a2e21cb39e2f5a7d6704cbdc941da0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid google.code.gson Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom artifactid gson Low
Vendor manifest Bundle-Description Gson JSON library Medium
Vendor Manifest bundle-contactaddress https://github.com/google/gson Low
Vendor file name gson High
Vendor Manifest bundle-symbolicname com.google.gson Medium
Vendor pom name Gson High
Vendor gradle groupid com.google.code.gson Highest
Vendor pom parent-groupid com.google.code.gson Medium
Vendor pom parent-artifactid gson-parent Low
Vendor central groupid com.google.code.gson Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8 Low
Product gradle artifactid gson Highest
Product pom parent-artifactid gson-parent Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product manifest Bundle-Description Gson JSON library Medium
Product Manifest bundle-contactaddress https://github.com/google/gson Low
Product file name gson High
Product central artifactid gson Highest
Product Manifest bundle-symbolicname com.google.gson Medium
Product pom name Gson High
Product pom parent-groupid com.google.code.gson Low
Product Manifest Bundle-Name Gson Medium
Product pom artifactid gson Highest
Product pom groupid google.code.gson Low
Version pom version 2.8.1 Highest
Version file version 2.8.1 Highest
Version central version 2.8.1 Highest
slf4j-api-1.7.24.jar
Description: The slf4j API
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.slf4j\slf4j-api\1.7.24\3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9\slf4j-api-1.7.24.jar
MD5: d18638036e314cdd66f04e2d248b7df9
SHA1: 3f6b4bd4f8dbe8d4bea06d107a3826469b85c3e9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
compile
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid slf4j-parent Low
Vendor pom groupid slf4j Highest
Vendor pom artifactid slf4j-api Low
Vendor manifest Bundle-Description The slf4j API Medium
Vendor pom name SLF4J API Module High
Vendor file name slf4j-api High
Vendor pom parent-groupid org.slf4j Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom description The slf4j API Medium
Vendor pom url http://www.slf4j.org Highest
Vendor central groupid org.slf4j Highest
Vendor Manifest bundle-symbolicname slf4j.api Medium
Vendor gradle groupid org.slf4j Highest
Product manifest Bundle-Description The slf4j API Medium
Product pom name SLF4J API Module High
Product file name slf4j-api High
Product pom parent-groupid org.slf4j Low
Product gradle artifactid slf4j-api Highest
Product pom url http://www.slf4j.org Medium
Product pom groupid slf4j Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom description The slf4j API Medium
Product central artifactid slf4j-api Highest
Product Manifest Bundle-Name slf4j-api Medium
Product Manifest bundle-symbolicname slf4j.api Medium
Product Manifest Implementation-Title slf4j-api High
Product pom artifactid slf4j-api Highest
Product pom parent-artifactid slf4j-parent Medium
Version file version 1.7.24 Highest
Version central version 1.7.24 Highest
Version Manifest Implementation-Version 1.7.24 High
Version pom version 1.7.24 Highest
jul-to-slf4j-1.7.24.jar
Description: JUL to SLF4J bridge
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.slf4j\jul-to-slf4j\1.7.24\25a2be668cb2ad1d05d76c0773df73b4b53617fd\jul-to-slf4j-1.7.24.jar
MD5: 8f13c04772e364c3ca0a1d9d979cc701
SHA1: 25a2be668cb2ad1d05d76c0773df73b4b53617fd
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid slf4j-parent Low
Vendor Manifest bundle-symbolicname jul.to.slf4j Medium
Vendor pom groupid slf4j Highest
Vendor pom parent-groupid org.slf4j Medium
Vendor pom description JUL to SLF4J bridge Medium
Vendor pom name JUL to SLF4J bridge High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor file name jul-to-slf4j High
Vendor pom artifactid jul-to-slf4j Low
Vendor pom url http://www.slf4j.org Highest
Vendor central groupid org.slf4j Highest
Vendor manifest Bundle-Description JUL to SLF4J bridge Medium
Vendor gradle groupid org.slf4j Highest
Product Manifest bundle-symbolicname jul.to.slf4j Medium
Product pom artifactid jul-to-slf4j Highest
Product central artifactid jul-to-slf4j Highest
Product pom parent-groupid org.slf4j Low
Product Manifest Bundle-Name jul-to-slf4j Medium
Product pom description JUL to SLF4J bridge Medium
Product pom url http://www.slf4j.org Medium
Product gradle artifactid jul-to-slf4j Highest
Product pom groupid slf4j Low
Product pom name JUL to SLF4J bridge High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product file name jul-to-slf4j High
Product manifest Bundle-Description JUL to SLF4J bridge Medium
Product pom parent-artifactid slf4j-parent Medium
Version file version 1.7.24 Highest
Version central version 1.7.24 Highest
Version Manifest Implementation-Version 1.7.24 High
Version pom version 1.7.24 Highest
jcl-over-slf4j-1.7.24.jar
Description: JCL 1.2 implemented over SLF4J
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.slf4j\jcl-over-slf4j\1.7.24\e6a8629079856a2aa7862c6327ccf6dd1988d7fc\jcl-over-slf4j-1.7.24.jar
MD5: c4f92652e13f3095fc95fcdcb5b514d7
SHA1: e6a8629079856a2aa7862c6327ccf6dd1988d7fc
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid slf4j-parent Low
Vendor file name jcl-over-slf4j High
Vendor pom groupid slf4j Highest
Vendor pom artifactid jcl-over-slf4j Low
Vendor pom parent-groupid org.slf4j Medium
Vendor pom description JCL 1.2 implemented over SLF4J Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom url http://www.slf4j.org Highest
Vendor central groupid org.slf4j Highest
Vendor pom name JCL 1.2 implemented over SLF4J High
Vendor manifest Bundle-Description JCL 1.2 implemented over SLF4J Medium
Vendor gradle groupid org.slf4j Highest
Vendor Manifest bundle-symbolicname jcl.over.slf4j Medium
Product file name jcl-over-slf4j High
Product central artifactid jcl-over-slf4j Highest
Product pom parent-groupid org.slf4j Low
Product pom artifactid jcl-over-slf4j Highest
Product Manifest Implementation-Title jcl-over-slf4j High
Product pom description JCL 1.2 implemented over SLF4J Medium
Product pom url http://www.slf4j.org Medium
Product pom groupid slf4j Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product Manifest Bundle-Name jcl-over-slf4j Medium
Product gradle artifactid jcl-over-slf4j Highest
Product pom name JCL 1.2 implemented over SLF4J High
Product manifest Bundle-Description JCL 1.2 implemented over SLF4J Medium
Product Manifest bundle-symbolicname jcl.over.slf4j Medium
Product pom parent-artifactid slf4j-parent Medium
Version file version 1.7.24 Highest
Version central version 1.7.24 Highest
Version Manifest Implementation-Version 1.7.24 High
Version pom version 1.7.24 Highest
netcdf4-4.5.5.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\netcdf4\4.5.5\675d63ecc857c50dd50858011b670160aa30b62\netcdf4-4.5.5.jar
MD5: 5f14df469295650fd65748a003c9ba56
SHA1: 0675d63ecc857c50dd50858011b670160aa30b62
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id edu.ucar Medium
Vendor central groupid edu.ucar Highest
Vendor file name netcdf4 High
Vendor Manifest Implementation-Vendor UCAR/Unidata High
Vendor pom artifactid netcdf4 Low
Vendor pom parent-artifactid thredds-parent Low
Vendor gradle groupid edu.ucar Highest
Vendor pom groupid edu.ucar Highest
Vendor Manifest built-on 20150306.1537 Low
Vendor pom name netCDF-4 IOSP JNI connection to C library High
Product file name netcdf4 High
Product central artifactid netcdf4 Highest
Product Manifest Implementation-Title netCDF-4 IOSP JNI connection to C library High
Product gradle artifactid netcdf4 Highest
Product pom groupid edu.ucar Low
Product pom artifactid netcdf4 Highest
Product Manifest built-on 20150306.1537 Low
Product pom parent-artifactid thredds-parent Medium
Product pom name netCDF-4 IOSP JNI connection to C library High
Version pom version 4.5.5 Highest
Version central version 4.5.5 Highest
Version Manifest Implementation-Version 4.5.5 High
Version file version 4.5.5 Highest
grib-4.5.5.jar
Description: Decoder for the GRIB format.
File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\grib\4.5.5\cfe552910e9a8d57ce71134796abb281a74ead16\grib-4.5.5.jar
MD5: 0cb80276d8ea89cacc1d5632dbf39fe9
SHA1: cfe552910e9a8d57ce71134796abb281a74ead16
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name grib High
Vendor pom artifactid grib Low
Vendor pom url http://www.unidata.ucar.edu/software/netcdf-java/ Highest
Vendor pom groupid edu.ucar Highest
Vendor pom name GRIB IOSP and Feature Collection High
Vendor Manifest built-on 20150306.1537 Low
Vendor Manifest Implementation-Vendor-Id edu.ucar Medium
Vendor central groupid edu.ucar Highest
Vendor Manifest Implementation-Vendor UCAR/Unidata High
Vendor pom description Decoder for the GRIB format. Medium
Vendor pom parent-artifactid thredds-parent Low
Vendor gradle groupid edu.ucar Highest
Product central artifactid grib Highest
Product file name grib High
Product pom url http://www.unidata.ucar.edu/software/netcdf-java/ Medium
Product pom description Decoder for the GRIB format. Medium
Product pom groupid edu.ucar Low
Product gradle artifactid grib Highest
Product pom artifactid grib Highest
Product pom name GRIB IOSP and Feature Collection High
Product Manifest Implementation-Title GRIB IOSP and Feature Collection High
Product Manifest built-on 20150306.1537 Low
Product pom parent-artifactid thredds-parent Medium
Version pom version 4.5.5 Highest
Version central version 4.5.5 Highest
Version Manifest Implementation-Version 4.5.5 High
Version file version 4.5.5 Highest
cdm-4.5.5.jar
Description: The NetCDF-Java Library is a Java interface to NetCDF files, as well as to many other types of scientific data formats.
File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\cdm\4.5.5\af1748a3d024069cb7fd3fc2591efe806c914589\cdm-4.5.5.jar
MD5: 7770c86aabbd0ec5e12ed1f0600d5492
SHA1: af1748a3d024069cb7fd3fc2591efe806c914589
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid edu.ucar Highest
Vendor pom description The NetCDF-Java Library is a Java interface to NetCDF files, as well as to many other types of scientific data formats. Low
Vendor pom url http://www.unidata.ucar.edu/software/netcdf-java/documentation.htm Highest
Vendor Manifest built-on 20150306.1537 Low
Vendor pom artifactid cdm Low
Vendor Manifest Implementation-Vendor-Id edu.ucar Medium
Vendor central groupid edu.ucar Highest
Vendor Manifest Implementation-Vendor UCAR/Unidata High
Vendor pom name CDM core library High
Vendor pom parent-artifactid thredds-parent Low
Vendor gradle groupid edu.ucar Highest
Vendor file name cdm High
Product pom url http://www.unidata.ucar.edu/software/netcdf-java/documentation.htm Medium
Product Manifest Implementation-Title CDM core library High
Product gradle artifactid cdm Highest
Product pom artifactid cdm Highest
Product pom name CDM core library High
Product pom groupid edu.ucar Low
Product central artifactid cdm Highest
Product pom description The NetCDF-Java Library is a Java interface to NetCDF files, as well as to many other types of scientific data formats. Low
Product file name cdm High
Product Manifest built-on 20150306.1537 Low
Product pom parent-artifactid thredds-parent Medium
Version pom version 4.5.5 Highest
Version central version 4.5.5 Highest
Version Manifest Implementation-Version 4.5.5 High
Version file version 4.5.5 Highest
httpservices-4.5.5.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\httpservices\4.5.5\ee5f217be599e5e03f7f0e55e03f9e721a154f62\httpservices-4.5.5.jar
MD5: c5207827b8b7e6045b2af7e1e8c5b1d4
SHA1: ee5f217be599e5e03f7f0e55e03f9e721a154f62
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name httpservices High
Vendor Manifest Implementation-Vendor-Id edu.ucar Medium
Vendor central groupid edu.ucar Highest
Vendor Manifest Implementation-Vendor UCAR/Unidata High
Vendor pom artifactid httpservices Low
Vendor pom name HttpClient Wrappers High
Vendor pom parent-artifactid thredds-parent Low
Vendor gradle groupid edu.ucar Highest
Vendor pom groupid edu.ucar Highest
Vendor pom url http://www.unidata.ucar.edu/software/netcdf-java/documentation.htm Highest
Vendor Manifest built-on 20150306.1537 Low
Product pom url http://www.unidata.ucar.edu/software/netcdf-java/documentation.htm Medium
Product file name httpservices High
Product pom name HttpClient Wrappers High
Product pom groupid edu.ucar Low
Product central artifactid httpservices Highest
Product Manifest Implementation-Title HttpClient Wrappers High
Product pom artifactid httpservices Highest
Product gradle artifactid httpservices Highest
Product Manifest built-on 20150306.1537 Low
Product pom parent-artifactid thredds-parent Medium
Version pom version 4.5.5 Highest
Version central version 4.5.5 Highest
Version Manifest Implementation-Version 4.5.5 High
Version file version 4.5.5 Highest
sis-utility-0.6.jar
Description: Miscellaneous utilities.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.core\sis-utility\0.6\e049cdb56758f3a92b48af0f7741d102a90152\sis-utility-0.6.jar
MD5: b8da3a7ab7599f60b0e814605217b461
SHA1: 00e049cdb56758f3a92b48af0f7741d102a90152
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest require-capability osgi.extender;filter:="(osgi.extender=osgi.serviceloader.registrar)",osgi.serviceloader;cardinality:=multiple,osgi.extender;filter:="(osgi.extender=osgi.serviceloader.processor)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom parent-groupid org.apache.sis Medium
Vendor jar package name apache Low
Vendor Manifest built-on 2015-09-11T22:45:56Z Low
Vendor pom groupid apache.sis.core Highest
Vendor file name sis-utility High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest implementation-url http://sis.apache.org/core/sis-utility Low
Vendor pom parent-artifactid core Low
Vendor pom name Apache SIS utilities High
Vendor pom description Miscellaneous utilities. Medium
Vendor Manifest specification-vendor Open Geospatial Consortium Low
Vendor manifest Bundle-Description Miscellaneous utilities. Medium
Vendor jar package name sis Low
Vendor Manifest bundle-docurl http://sis.apache.org/core/sis-utility Low
Vendor Manifest bundle-symbolicname org.apache.sis.util Medium
Vendor pom artifactid sis-utility Low
Vendor gradle groupid org.apache.sis.core Highest
Vendor central groupid org.apache.sis.core Highest
Vendor Manifest Implementation-Vendor-Id org.apache.sis.core Medium
Vendor Manifest spi-producer * Low
Product Manifest require-capability osgi.extender;filter:="(osgi.extender=osgi.serviceloader.registrar)",osgi.serviceloader;cardinality:=multiple,osgi.extender;filter:="(osgi.extender=osgi.serviceloader.processor)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product central artifactid sis-utility Highest
Product Manifest built-on 2015-09-11T22:45:56Z Low
Product file name sis-utility High
Product gradle artifactid sis-utility Highest
Product pom parent-artifactid core Medium
Product pom parent-groupid org.apache.sis Low
Product Manifest implementation-url http://sis.apache.org/core/sis-utility Low
Product pom groupid apache.sis.core Low
Product pom name Apache SIS utilities High
Product pom description Miscellaneous utilities. Medium
Product Manifest specification-title GeoAPI Medium
Product Manifest Bundle-Name Apache SIS utilities Medium
Product manifest Bundle-Description Miscellaneous utilities. Medium
Product jar package name sis Low
Product Manifest bundle-docurl http://sis.apache.org/core/sis-utility Low
Product Manifest Implementation-Title Apache SIS utilities High
Product Manifest bundle-symbolicname org.apache.sis.util Medium
Product pom artifactid sis-utility Highest
Product Manifest spi-producer * Low
Version Manifest Implementation-Version 0.6 High
Version pom version 0.6 Highest
Version file version 0.6 Highest
Version central version 0.6 Highest
sis-netcdf-0.6.jar
Description: Bridge between NetCDF Climate and Forecast (CF) convention and ISO 19115 metadata.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.storage\sis-netcdf\0.6\c847a664eb707b0663dec4a9257419842a33e903\sis-netcdf-0.6.jar
MD5: af47f83d86ae9c8d8ec22ebe59c581d8
SHA1: c847a664eb707b0663dec4a9257419842a33e903
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid storage Low
Vendor pom parent-groupid org.apache.sis Medium
Vendor jar package name apache Low
Vendor Manifest built-on 2015-09-11T22:45:56Z Low
Vendor pom artifactid sis-netcdf Low
Vendor Manifest implementation-url http://sis.apache.org/storage/sis-netcdf Low
Vendor gradle groupid org.apache.sis.storage Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest specification-vendor Open Geospatial Consortium Low
Vendor manifest Bundle-Description Bridge between NetCDF Climate and Forecast (CF) convention and ISO 19115 metadata. Medium
Vendor pom name Apache SIS NetCDF storage High
Vendor Manifest Implementation-Vendor-Id org.apache.sis.storage Medium
Vendor jar package name sis Low
Vendor pom description Bridge between NetCDF Climate and Forecast (CF) convention and ISO 19115 metadata. Medium
Vendor central groupid org.apache.sis.storage Highest
Vendor Manifest bundle-symbolicname org.apache.sis.storage.netcdf Medium
Vendor jar package name internal Low
Vendor file name sis-netcdf High
Vendor Manifest bundle-docurl http://sis.apache.org/storage/sis-netcdf Low
Vendor pom groupid apache.sis.storage Highest
Product Manifest built-on 2015-09-11T22:45:56Z Low
Product pom parent-artifactid storage Medium
Product Manifest implementation-url http://sis.apache.org/storage/sis-netcdf Low
Product pom groupid apache.sis.storage Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest Bundle-Name Apache SIS NetCDF storage Medium
Product pom parent-groupid org.apache.sis Low
Product Manifest specification-title GeoAPI Medium
Product Manifest Implementation-Title Apache SIS NetCDF storage High
Product pom artifactid sis-netcdf Highest
Product manifest Bundle-Description Bridge between NetCDF Climate and Forecast (CF) convention and ISO 19115 metadata. Medium
Product pom name Apache SIS NetCDF storage High
Product jar package name sis Low
Product pom description Bridge between NetCDF Climate and Forecast (CF) convention and ISO 19115 metadata. Medium
Product Manifest bundle-symbolicname org.apache.sis.storage.netcdf Medium
Product jar package name internal Low
Product central artifactid sis-netcdf Highest
Product file name sis-netcdf High
Product Manifest bundle-docurl http://sis.apache.org/storage/sis-netcdf Low
Product gradle artifactid sis-netcdf Highest
Product jar package name netcdf Low
Version Manifest Implementation-Version 0.6 High
Version pom version 0.6 Highest
Version file version 0.6 Highest
Version central version 0.6 Highest
sis-metadata-0.6.jar
Description: Implementations of metadata derived from ISO 19115. This module provides both an implementation of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through Java reflection.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.core\sis-metadata\0.6\97cde9b02f2548567a06f3ecd42caa39a94ffaf4\sis-metadata-0.6.jar
MD5: 193ae7072888febbac3c0a6007e62cc9
SHA1: 97cde9b02f2548567a06f3ecd42caa39a94ffaf4
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.apache.sis.metadata Medium
Vendor pom parent-groupid org.apache.sis Medium
Vendor jar package name apache Low
Vendor Manifest built-on 2015-09-11T22:45:56Z Low
Vendor Manifest bundle-docurl http://sis.apache.org/core/sis-metadata Low
Vendor pom groupid apache.sis.core Highest
Vendor Manifest implementation-url http://sis.apache.org/core/sis-metadata Low
Vendor pom description Implementations of metadata derived from ISO 19115. This module provides both an implementation of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through Java reflection. Low
Vendor Manifest require-capability osgi.extender;filter:="(osgi.extender=osgi.serviceloader.registrar)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest provide-capability osgi.serviceloader;osgi.serviceloader="org.apache.sis.internal.jaxb.TypeRegistration" Low
Vendor pom parent-artifactid core Low
Vendor Manifest specification-vendor Open Geospatial Consortium Low
Vendor jar package name sis Low
Vendor jar package name metadata Low
Vendor pom artifactid sis-metadata Low
Vendor file name sis-metadata High
Vendor manifest Bundle-Description Implementations of metadata derived from ISO 19115. This module provides both an implementation of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through Java reflection. Low
Vendor gradle groupid org.apache.sis.core Highest
Vendor central groupid org.apache.sis.core Highest
Vendor Manifest Implementation-Vendor-Id org.apache.sis.core Medium
Vendor pom name Apache SIS metadata High
Product Manifest bundle-symbolicname org.apache.sis.metadata Medium
Product Manifest Implementation-Title Apache SIS metadata High
Product Manifest built-on 2015-09-11T22:45:56Z Low
Product Manifest Bundle-Name Apache SIS metadata Medium
Product central artifactid sis-metadata Highest
Product Manifest bundle-docurl http://sis.apache.org/core/sis-metadata Low
Product pom artifactid sis-metadata Highest
Product Manifest implementation-url http://sis.apache.org/core/sis-metadata Low
Product pom description Implementations of metadata derived from ISO 19115. This module provides both an implementation of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through Java reflection. Low
Product Manifest require-capability osgi.extender;filter:="(osgi.extender=osgi.serviceloader.registrar)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom parent-artifactid core Medium
Product pom parent-groupid org.apache.sis Low
Product Manifest provide-capability osgi.serviceloader;osgi.serviceloader="org.apache.sis.internal.jaxb.TypeRegistration" Low
Product pom groupid apache.sis.core Low
Product Manifest specification-title GeoAPI Medium
Product jar package name sis Low
Product gradle artifactid sis-metadata Highest
Product jar package name metadata Low
Product file name sis-metadata High
Product manifest Bundle-Description Implementations of metadata derived from ISO 19115. This module provides both an implementation of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through Java reflection. Low
Product pom name Apache SIS metadata High
Version Manifest Implementation-Version 0.6 High
Version pom version 0.6 Highest
Version file version 0.6 Highest
Version central version 0.6 Highest
geoapi-3.0.0.jar
Description: The development community in building GIS solutions is sustaining an enormous level of effort. The GeoAPI project aims to reduce duplication and increase interoperability by providing neutral, interface-only APIs derived from OGC/ISO Standards.
License: https://geoapi.svn.sourceforge.net/svnroot/geoapi/branches/3.0.x/LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.opengis\geoapi\3.0.0\a04e0f361627fb33a140b5aa4c019741f905577\geoapi-3.0.0.jar
MD5: 97b6baee0cf3402e8360203bf6c23b3f
SHA1: 0a04e0f361627fb33a140b5aa4c019741f905577
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name geoapi High
Vendor pom artifactid geoapi Low
Vendor pom parent-artifactid geoapi-parent Low
Vendor pom name GeoAPI High
Vendor central groupid org.opengis Highest
Vendor Manifest bundle-docurl http://www.geoapi.org Low
Vendor manifest Bundle-Description The development community in building GIS solutions is sustaining an enormous level of effort. The GeoAPI project aims to reduce duplication and increase interoperability by providing neutral, interface-only APIs derived from OGC/ISO Standards. Low
Vendor Manifest specification-vendor Open Geospatial Consortium Low
Vendor gradle groupid org.opengis Highest
Vendor pom parent-groupid org.opengis Medium
Vendor pom groupid opengis Highest
Vendor Manifest bundle-symbolicname org.opengis.geoapi Medium
Vendor pom description The development community in building GIS solutions is sustaining an enormous level of effort. The GeoAPI project aims to reduce duplication and increase interoperability by providing neutral, interface-only APIs derived from OGC/ISO Standards. Low
Product file name geoapi High
Product pom parent-artifactid geoapi-parent Medium
Product pom name GeoAPI High
Product central artifactid geoapi Highest
Product Manifest bundle-docurl http://www.geoapi.org Low
Product manifest Bundle-Description The development community in building GIS solutions is sustaining an enormous level of effort. The GeoAPI project aims to reduce duplication and increase interoperability by providing neutral, interface-only APIs derived from OGC/ISO Standards. Low
Product Manifest specification-title GeoAPI Medium
Product pom artifactid geoapi Highest
Product Manifest Bundle-Name GeoAPI Medium
Product pom groupid opengis Low
Product pom parent-groupid org.opengis Low
Product gradle artifactid geoapi Highest
Product Manifest bundle-symbolicname org.opengis.geoapi Medium
Product pom description The development community in building GIS solutions is sustaining an enormous level of effort. The GeoAPI project aims to reduce duplication and increase interoperability by providing neutral, interface-only APIs derived from OGC/ISO Standards. Low
Version pom version 3.0.0 Highest
Version file version 3.0.0 Highest
Version central version 3.0.0 Highest
sentiment-analysis-parser-0.1.jar
Description: Combines Apache OpenNLP and Apache Tika and provides facilities for automatically deriving sentiment from text.
License: The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.usc.ir\sentiment-analysis-parser\0.1\20d1524a1270c1d26e3314d2ee71a12e6a29a27d\sentiment-analysis-parser-0.1.jar
MD5: 69727e01cb8165e2e5d637e527ea82d4
SHA1: 20d1524a1270c1d26e3314d2ee71a12e6a29a27d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description Combines Apache OpenNLP and Apache Tika and provides facilities for automatically deriving sentiment from text. Low
Vendor jar package name opennlp Low
Vendor central groupid edu.usc.ir Highest
Vendor jar package name tools Low
Vendor pom name SentimentAnalysisParser High
Vendor gradle groupid edu.usc.ir Highest
Vendor pom artifactid sentiment-analysis-parser Low
Vendor file name sentiment-analysis-parser High
Vendor jar package name sentiment Low
Vendor pom groupid edu.usc.ir Highest
Vendor pom url USCDataScience/SentimentAnalysisParser Highest
Product pom url USCDataScience/SentimentAnalysisParser High
Product pom description Combines Apache OpenNLP and Apache Tika and provides facilities for automatically deriving sentiment from text. Low
Product jar package name tools Low
Product pom name SentimentAnalysisParser High
Product central artifactid sentiment-analysis-parser Highest
Product file name sentiment-analysis-parser High
Product pom groupid edu.usc.ir Low
Product jar package name sentiment Low
Product pom artifactid sentiment-analysis-parser Highest
Product gradle artifactid sentiment-analysis-parser Highest
Version pom version 0.1 Highest
Version central version 0.1 Highest
Version file version 0.1 Highest
tomcat-coyote-8.5.23.jar
Description: Tomcat Connectors and HTTP parser
License: Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-coyote\8.5.23\7ec1d6ede0abcb5186181ea9b38570dd6144d8de\tomcat-coyote-8.5.23.jar
MD5: 26e6ca9702c8e3597c9a6b4673b5e4d0
SHA1: 7ec1d6ede0abcb5186181ea9b38570dd6144d8de
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor jar package name tomcat Low
Vendor file name tomcat-coyote High
Vendor gradle groupid org.apache.tomcat Highest
Vendor pom artifactid tomcat-coyote Low
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor pom description Tomcat Connectors and HTTP parser Medium
Vendor central groupid org.apache.tomcat Highest
Vendor pom url http://tomcat.apache.org/ Highest
Vendor jar package name util Low
Vendor pom groupid apache.tomcat Highest
Vendor Manifest specification-vendor Apache Software Foundation Low
Product jar package name tomcat Low
Product file name tomcat-coyote High
Product central artifactid tomcat-coyote Highest
Product jar package name util Low
Product pom artifactid tomcat-coyote Highest
Product gradle artifactid tomcat-coyote Highest
Product pom groupid apache.tomcat Low
Product pom description Tomcat Connectors and HTTP parser Medium
Product Manifest Implementation-Title Apache Tomcat High
Product pom url http://tomcat.apache.org/ Medium
Product Manifest specification-title Apache Tomcat Medium
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
cpe: cpe:/a:apache:coyote_http_connector:8.5.23
Confidence: Low
maven: org.apache.tomcat:tomcat-coyote:8.5.23 ✓
Confidence: Highest
cpe: cpe:/a:apache_software_foundation:tomcat:8.5.23
Confidence: Low
cpe: cpe:/a:apache_tomcat:apache_tomcat:8.5.23
Confidence: Low
cpe: cpe:/a:apache:tomcat:8.5.23
Confidence: Low
cpe: cpe:/a:apache:tomcat_connectors:8.5.23
Confidence: Low
Published Vulnerabilities
CVE-2016-5425
Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-6325
Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2017-6056
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
tomcat-servlet-api-8.5.23.jar
Description: javax.servlet package
License:
Apache License, Version 2.0 and Common Development And Distribution License (CDDL) Version 1.0: http://www.apache.org/licenses/LICENSE-2.0.txt and http://www.opensource.org/licenses/cddl1.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-servlet-api\8.5.23\21a212688ec94fe77aff74ab34cc74f6f940e60\tomcat-servlet-api-8.5.23.jar
MD5: 7f722bbee6cfb4e7bbb1886e22f80ee6
SHA1: 021a212688ec94fe77aff74ab34cc74f6f940e60
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor file name tomcat-servlet-api High
Vendor pom artifactid tomcat-servlet-api Low
Vendor pom url http://tomcat.apache.org/ Highest
Vendor gradle groupid org.apache.tomcat Highest
Vendor pom groupid apache.tomcat Highest
Vendor manifest: javax/servlet/ Implementation-Vendor Apache Software Foundation Medium
Vendor jar package name servlet Low
Vendor pom description javax.servlet package Medium
Vendor central groupid org.apache.tomcat Highest
Product manifest: javax/servlet/ Implementation-Title javax.servlet Medium
Product central artifactid tomcat-servlet-api Highest
Product file name tomcat-servlet-api High
Product gradle artifactid tomcat-servlet-api Highest
Product pom groupid apache.tomcat Low
Product manifest: javax/servlet/ Specification-Title Java API for Servlets Medium
Product pom artifactid tomcat-servlet-api Highest
Product jar package name servlet Low
Product pom description javax.servlet package Medium
Product pom url http://tomcat.apache.org/ Medium
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-6325
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2017-6056
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
tomcat-juli-8.5.23.jar
Description: Tomcat Core Logging Package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-juli\8.5.23\98e7f0610b7b2fb8303f11be0210e3f5a56a7d55\tomcat-juli-8.5.23.jar
MD5: 359c91b465359dbec89664c14c8ca465
SHA1: 98e7f0610b7b2fb8303f11be0210e3f5a56a7d55
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom description Tomcat Core Logging Package Medium
Vendor pom url http://tomcat.apache.org/ Highest
Vendor gradle groupid org.apache.tomcat Highest
Vendor pom groupid apache.tomcat Highest
Vendor file name tomcat-juli High
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor jar package name juli Low
Vendor Manifest specification-vendor Apache Software Foundation Low
Vendor pom artifactid tomcat-juli Low
Vendor central groupid org.apache.tomcat Highest
Product pom artifactid tomcat-juli Highest
Product pom description Tomcat Core Logging Package Medium
Product gradle artifactid tomcat-juli Highest
Product file name tomcat-juli High
Product pom groupid apache.tomcat Low
Product jar package name juli Low
Product Manifest Implementation-Title Apache Tomcat High
Product pom url http://tomcat.apache.org/ Medium
Product Manifest specification-title Apache Tomcat Medium
Product central artifactid tomcat-juli Highest
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
tomcat-util-8.5.23.jar
Description: Common code shared by multiple Tomcat components
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-util\8.5.23\e6d5e8becd2eda3bcec39bee2fbe10a93590506\tomcat-util-8.5.23.jar
MD5: b1f801d67ec27913abfe23ae511ff4a0
SHA1: 0e6d5e8becd2eda3bcec39bee2fbe10a93590506
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor jar package name tomcat Low
Vendor gradle groupid org.apache.tomcat Highest
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor pom description Common code shared by multiple Tomcat components Medium
Vendor central groupid org.apache.tomcat Highest
Vendor pom url http://tomcat.apache.org/ Highest
Vendor jar package name util Low
Vendor pom groupid apache.tomcat Highest
Vendor file name tomcat-util High
Vendor Manifest specification-vendor Apache Software Foundation Low
Vendor pom artifactid tomcat-util Low
Product jar package name tomcat Low
Product gradle artifactid tomcat-util Highest
Product central artifactid tomcat-util Highest
Product jar package name util Low
Product file name tomcat-util High
Product pom groupid apache.tomcat Low
Product pom artifactid tomcat-util Highest
Product pom description Common code shared by multiple Tomcat components Medium
Product Manifest Implementation-Title Apache Tomcat High
Product pom url http://tomcat.apache.org/ Medium
Product Manifest specification-title Apache Tomcat Medium
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-6325
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2017-6056
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
tomcat-util-scan-8.5.23.jar
Description:
Common code shared by Catalina and Jasper for scanning JARS and processing
XML descriptors
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-util-scan\8.5.23\2ff39be3d61d2147d6a032f46d3ba4e42a618ad2\tomcat-util-scan-8.5.23.jar
MD5: c8b13ff2b2b506f15c276f67454af0c9
SHA1: 2ff39be3d61d2147d6a032f46d3ba4e42a618ad2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description Common code shared by Catalina and Jasper for scanning JARS and processing XML descriptors Low
Vendor jar package name apache Low
Vendor jar package name tomcat Low
Vendor gradle groupid org.apache.tomcat Highest
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor central groupid org.apache.tomcat Highest
Vendor pom artifactid tomcat-util-scan Low
Vendor pom url http://tomcat.apache.org/ Highest
Vendor jar package name util Low
Vendor pom groupid apache.tomcat Highest
Vendor file name tomcat-util-scan High
Vendor Manifest specification-vendor Apache Software Foundation Low
Product central artifactid tomcat-util-scan Highest
Product pom description Common code shared by Catalina and Jasper for scanning JARS and processing XML descriptors Low
Product jar package name tomcat Low
Product pom artifactid tomcat-util-scan Highest
Product Manifest Implementation-Title Apache Tomcat High
Product Manifest specification-title Apache Tomcat Medium
Product jar package name util Low
Product file name tomcat-util-scan High
Product jar package name descriptor Low
Product pom groupid apache.tomcat Low
Product gradle artifactid tomcat-util-scan Highest
Product pom url http://tomcat.apache.org/ Medium
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-6325
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2017-6056
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
tomcat-jsp-api-8.5.23.jar
Description: JSP package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jsp-api\8.5.23\6568c9c627f87a5278566d62a33802722cf1a00c\tomcat-jsp-api-8.5.23.jar
MD5: 7364bade0d37475a2af95258d385abba
SHA1: 6568c9c627f87a5278566d62a33802722cf1a00c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor pom description JSP package Medium
Vendor pom url http://tomcat.apache.org/ Highest
Vendor gradle groupid org.apache.tomcat Highest
Vendor pom groupid apache.tomcat Highest
Vendor file name tomcat-jsp-api High
Vendor jar package name jsp Low
Vendor manifest: javax/servlet/jsp/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom artifactid tomcat-jsp-api Low
Vendor jar package name servlet Low
Vendor central groupid org.apache.tomcat Highest
Product central artifactid tomcat-jsp-api Highest
Product manifest: javax/servlet/jsp/ Specification-Title Java API for JavaServer Pages Medium
Product manifest: javax/servlet/jsp/ Implementation-Title javax.servlet.jsp Medium
Product pom description JSP package Medium
Product gradle artifactid tomcat-jsp-api Highest
Product file name tomcat-jsp-api High
Product jar package name jsp Low
Product pom groupid apache.tomcat Low
Product pom artifactid tomcat-jsp-api Highest
Product jar package name servlet Low
Product pom url http://tomcat.apache.org/ Medium
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-6325
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2017-6056
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
tomcat-annotations-api-8.5.23.jar
Description: Annotations Package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-annotations-api\8.5.23\aaf17df9fe0240e9e9d5375d24d5f177174b73d9\tomcat-annotations-api-8.5.23.jar
MD5: a176f33b5656eb44675aacb1f50e8468
SHA1: aaf17df9fe0240e9e9d5375d24d5f177174b73d9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor pom description Annotations Package Medium
Vendor jar package name annotation Low
Vendor pom url http://tomcat.apache.org/ Highest
Vendor gradle groupid org.apache.tomcat Highest
Vendor pom groupid apache.tomcat Highest
Vendor manifest: javax/servlet/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom artifactid tomcat-annotations-api Low
Vendor file name tomcat-annotations-api High
Vendor central groupid org.apache.tomcat Highest
Product manifest: javax/servlet/ Implementation-Title javax.servlet Medium
Product central artifactid tomcat-annotations-api Highest
Product pom description Annotations Package Medium
Product jar package name annotation Low
Product pom groupid apache.tomcat Low
Product pom artifactid tomcat-annotations-api Highest
Product gradle artifactid tomcat-annotations-api Highest
Product file name tomcat-annotations-api High
Product manifest: javax/servlet/ Specification-Title Java API for Servlets (Annotations) Medium
Product pom url http://tomcat.apache.org/ Medium
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-6325
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2017-6056
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
tomcat-api-8.5.23.jar
Description: Definition of interfaces shared by Catalina and Jasper
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-api\8.5.23\ef3e2cde0b6c2cff40fd8942ca3c88c029c50990\tomcat-api-8.5.23.jar
MD5: 9de52e16b119d8e5cbd78e1d8e6c4004
SHA1: ef3e2cde0b6c2cff40fd8942ca3c88c029c50990
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor jar package name tomcat Low
Vendor pom url http://tomcat.apache.org/ Highest
Vendor gradle groupid org.apache.tomcat Highest
Vendor pom groupid apache.tomcat Highest
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor pom description Definition of interfaces shared by Catalina and Jasper Medium
Vendor file name tomcat-api High
Vendor Manifest specification-vendor Apache Software Foundation Low
Vendor pom artifactid tomcat-api Low
Vendor central groupid org.apache.tomcat Highest
Product gradle artifactid tomcat-api Highest
Product jar package name tomcat Low
Product pom artifactid tomcat-api Highest
Product pom groupid apache.tomcat Low
Product pom description Definition of interfaces shared by Catalina and Jasper Medium
Product central artifactid tomcat-api Highest
Product file name tomcat-api High
Product Manifest Implementation-Title Apache Tomcat High
Product pom url http://tomcat.apache.org/ Medium
Product Manifest specification-title Apache Tomcat Medium
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-6325
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2017-6056
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
tomcat-jni-8.5.23.jar
Description: Interface code to the native connector
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jni\8.5.23\cf0f1df5f9d14c39bd39f39e94edaf90f41802c\tomcat-jni-8.5.23.jar
MD5: f18f7a50b085aa82d3e00ed38dbbf9e4
SHA1: 0cf0f1df5f9d14c39bd39f39e94edaf90f41802c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor jar package name tomcat Low
Vendor file name tomcat-jni High
Vendor gradle groupid org.apache.tomcat Highest
Vendor pom artifactid tomcat-jni Low
Vendor pom description Interface code to the native connector Medium
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor central groupid org.apache.tomcat Highest
Vendor jar package name jni Low
Vendor pom url http://tomcat.apache.org/ Highest
Vendor pom groupid apache.tomcat Highest
Vendor Manifest specification-vendor Apache Software Foundation Low
Product jar package name tomcat Low
Product file name tomcat-jni High
Product jar package name jni Low
Product central artifactid tomcat-jni Highest
Product pom description Interface code to the native connector Medium
Product gradle artifactid tomcat-jni Highest
Product pom artifactid tomcat-jni Highest
Product pom groupid apache.tomcat Low
Product Manifest Implementation-Title Apache Tomcat High
Product pom url http://tomcat.apache.org/ Medium
Product Manifest specification-title Apache Tomcat Medium
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-6325
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2017-6056
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
tomcat-jaspic-api-8.5.23.jar
Description: javax.security.auth.message package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jaspic-api\8.5.23\709545a369b74ad9167046ee1feeb822a6065442\tomcat-jaspic-api-8.5.23.jar
MD5: c33d9f4a39a46810db2969adef4dbe4c
SHA1: 709545a369b74ad9167046ee1feeb822a6065442
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor file name tomcat-jaspic-api High
Vendor jar package name security Low
Vendor pom artifactid tomcat-jaspic-api Low
Vendor pom description javax.security.auth.message package Medium
Vendor pom url http://tomcat.apache.org/ Highest
Vendor gradle groupid org.apache.tomcat Highest
Vendor pom groupid apache.tomcat Highest
Vendor jar package name auth Low
Vendor manifest: javax/security/auth/message Implementation-Vendor Apache Software Foundation Medium
Vendor central groupid org.apache.tomcat Highest
Product file name tomcat-jaspic-api High
Product jar package name message Low
Product jar package name security Low
Product central artifactid tomcat-jaspic-api Highest
Product jar package name auth Low
Product pom artifactid tomcat-jaspic-api Highest
Product manifest: javax/security/auth/message Specification-Title Java Authentication SPI for Containers Medium
Product pom description javax.security.auth.message package Medium
Product manifest: javax/security/auth/message Implementation-Title javax.security.auth.message Medium
Product pom groupid apache.tomcat Low
Product pom url http://tomcat.apache.org/ Medium
Product gradle artifactid tomcat-jaspic-api Highest
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-6325
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2017-6056
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
tomcat-el-api-8.5.23.jar
Description: Expression language package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-el-api\8.5.23\636b6e19ceede3f379c729dff813b4f23348b29e\tomcat-el-api-8.5.23.jar
MD5: 230ad915c91ebaa9ee68e381581aba8e
SHA1: 636b6e19ceede3f379c729dff813b4f23348b29e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor jar package name el Low
Vendor pom url http://tomcat.apache.org/ Highest
Vendor gradle groupid org.apache.tomcat Highest
Vendor pom groupid apache.tomcat Highest
Vendor file name tomcat-el-api High
Vendor pom artifactid tomcat-el-api Low
Vendor pom description Expression language package Medium
Vendor manifest: javax/el/ Implementation-Vendor Apache Software Foundation Medium
Vendor central groupid org.apache.tomcat Highest
Product central artifactid tomcat-el-api Highest
Product jar package name el Low
Product manifest: javax/el/ Implementation-Title javax.el Medium
Product file name tomcat-el-api High
Product pom groupid apache.tomcat Low
Product pom description Expression language package Medium
Product gradle artifactid tomcat-el-api Highest
Product manifest: javax/el/ Specification-Title Expression Language Medium
Product pom url http://tomcat.apache.org/ Medium
Product pom artifactid tomcat-el-api Highest
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-6325
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2017-6056
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
ecj-3.12.3.jar
Description: Eclipse Compiler for Java(TM)
License:
Eclipse Public License: http://www.eclipse.org/legal/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jdt\ecj\3.12.3\ade950992eb3caf6ab4f1a88706c755f0bf213d9\ecj-3.12.3.jar
MD5: 33e190a0f0745306de54fba90f381fc3
SHA1: ade950992eb3caf6ab4f1a88706c755f0bf213d9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.eclipse.jdt Highest
Vendor pom groupid eclipse.jdt Highest
Vendor pom name Eclipse Compiler for Java(TM) High
Vendor pom url http://www.eclipse.org/jdt Highest
Vendor Manifest bundle-symbolicname org.eclipse.jdt.core.compiler.batch Medium
Vendor gradle groupid org.eclipse.jdt Highest
Vendor jar package name jdt Low
Vendor jar package name internal Low
Vendor pom description Eclipse Compiler for Java(TM) Medium
Vendor pom organization name Eclipse Foundation High
Vendor file name ecj High
Vendor pom organization url http://www.eclipse.org/ Medium
Vendor jar package name eclipse Low
Vendor pom artifactid ecj Low
Product pom artifactid ecj Highest
Product Manifest Bundle-Name Eclipse Compiler for Java(TM) Medium
Product jar package name compiler Low
Product central artifactid ecj Highest
Product pom name Eclipse Compiler for Java(TM) High
Product Manifest bundle-symbolicname org.eclipse.jdt.core.compiler.batch Medium
Product gradle artifactid ecj Highest
Product pom organization url http://www.eclipse.org/ Low
Product jar package name jdt Low
Product jar package name internal Low
Product pom description Eclipse Compiler for Java(TM) Medium
Product pom url http://www.eclipse.org/jdt Medium
Product file name ecj High
Product pom groupid eclipse.jdt Low
Product pom organization name Eclipse Foundation Low
Version file version 3.12.3 Highest
Version central version 3.12.3 Highest
Version pom version 3.12.3 Highest
tomcat-jasper-el-8.5.23.jar
Description: Jasper Expression Language Impl
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat\tomcat-jasper-el\8.5.23\a77e56ce7007018c9ffb0f14f0e0dfcadebd7644\tomcat-jasper-el-8.5.23.jar
MD5: 18d65038164882e2bd8741d6b027c774
SHA1: a77e56ce7007018c9ffb0f14f0e0dfcadebd7644
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name el Low
Vendor jar package name apache Low
Vendor gradle groupid org.apache.tomcat Highest
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor central groupid org.apache.tomcat Highest
Vendor pom description Jasper Expression Language Impl Medium
Vendor pom artifactid tomcat-jasper-el Low
Vendor file name tomcat-jasper-el High
Vendor pom url http://tomcat.apache.org/ Highest
Vendor pom groupid apache.tomcat Highest
Vendor jar package name parser Low
Vendor Manifest specification-vendor Apache Software Foundation Low
Product jar package name el Low
Product file name tomcat-jasper-el High
Product gradle artifactid tomcat-jasper-el Highest
Product pom artifactid tomcat-jasper-el Highest
Product pom groupid apache.tomcat Low
Product jar package name parser Low
Product Manifest Implementation-Title Apache Tomcat High
Product central artifactid tomcat-jasper-el Highest
Product pom url http://tomcat.apache.org/ Medium
Product Manifest specification-title Apache Tomcat Medium
Product pom description Jasper Expression Language Impl Medium
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
Published Vulnerabilities
CVE-2016-5425
Severity: High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2016-6325
Severity: High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
CVE-2017-6056
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
xmlgraphics-commons-2.2.jar
Description:
Apache XML Graphics Commons is a library that consists of several reusable
components used by Apache Batik and Apache FOP. Many of these components
can easily be used separately outside the domains of SVG and XSL-FO.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\xmlgraphics-commons\2.2\89f22650b8b8a5ac91207bf58190df852d97415a\xmlgraphics-commons-2.2.jar
MD5: 025a1e9ec9075ee4c07a0e7eff3f21d9
SHA1: 89f22650b8b8a5ac91207bf58190df852d97415a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name xmlgraphics-commons High
Vendor jar package name apache Low
Vendor pom artifactid xmlgraphics-commons Low
Vendor pom parent-groupid org.apache Medium
Vendor pom parent-artifactid apache Low
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom organization url http://www.apache.org/ Medium
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom organization name Apache Software Foundation High
Vendor pom name Apache XML Graphics Commons High
Vendor jar package name xmlgraphics Low
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation (http://xmlgraphics.apache.org/) High
Vendor pom url http://xmlgraphics.apache.org/commons/ Highest
Vendor pom description Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. Low
Product file name xmlgraphics-commons High
Product gradle artifactid xmlgraphics-commons Highest
Product Manifest Implementation-Title Apache XML Graphics Commons High
Product pom parent-artifactid apache Medium
Product pom name Apache XML Graphics Commons High
Product pom organization url http://www.apache.org/ Low
Product jar package name xmlgraphics Low
Product pom organization name Apache Software Foundation Low
Product pom artifactid xmlgraphics-commons Highest
Product central artifactid xmlgraphics-commons Highest
Product pom url http://xmlgraphics.apache.org/commons/ Medium
Product pom parent-groupid org.apache Low
Product pom groupid apache.xmlgraphics Low
Product pom description Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. Low
Version pom version 2.2 Highest
Version file version 2.2 Highest
Version Manifest Implementation-Version 2.2 High
Version central version 2.2 Highest
batik-svg-dom-1.9.jar
Description: Batik SVG DOM implementation
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-svg-dom\1.9\c6535d0a6656f18706fbe68796cd803aae5d1ec6\batik-svg-dom-1.9.jar
MD5: 4f6a8ee9bb4d3d752bfdea15e0133eaf
SHA1: c6535d0a6656f18706fbe68796cd803aae5d1ec6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom description Batik SVG DOM implementation Medium
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor jar package name dom Low
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor file name batik-svg-dom High
Vendor pom artifactid batik-svg-dom Low
Vendor jar package name batik Low
Product pom artifactid batik-svg-dom Highest
Product pom description Batik SVG DOM implementation Medium
Product gradle artifactid batik-svg-dom Highest
Product jar package name svg Low
Product pom parent-groupid org.apache.xmlgraphics Low
Product central artifactid batik-svg-dom Highest
Product jar package name dom Low
Product pom name org.apache.xmlgraphics:batik High
Product file name batik-svg-dom High
Product pom parent-artifactid batik Medium
Product jar package name batik Low
Product pom groupid apache.xmlgraphics Low
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
batik-bridge-1.9.jar
Description: Batik bridge
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-bridge\1.9\fb7509c68f90e64a45f8ceece187a211415640c1\batik-bridge-1.9.jar
MD5: b71d171a09c0169ee18fbc9059b9f6ab
SHA1: fb7509c68f90e64a45f8ceece187a211415640c1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom description Batik bridge Medium
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor jar package name bridge Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor pom artifactid batik-bridge Low
Vendor jar package name batik Low
Vendor file name batik-bridge High
Product pom name org.apache.xmlgraphics:batik High
Product pom parent-artifactid batik Medium
Product central artifactid batik-bridge Highest
Product gradle artifactid batik-bridge Highest
Product pom description Batik bridge Medium
Product jar package name bridge Low
Product jar package name batik Low
Product pom parent-groupid org.apache.xmlgraphics Low
Product file name batik-bridge High
Product pom groupid apache.xmlgraphics Low
Product pom artifactid batik-bridge Highest
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
batik-awt-util-1.9.jar
Description: Batik AWT utilities
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-awt-util\1.9\855cbcf158a0ae62ce85f2705a9bfccd4e99ede7\batik-awt-util-1.9.jar
MD5: 306750a7fd548bc11cad8f5a9db76701
SHA1: 855cbcf158a0ae62ce85f2705a9bfccd4e99ede7
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid batik-awt-util Low
Vendor jar package name apache Low
Vendor file name batik-awt-util High
Vendor pom description Batik AWT utilities Medium
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor jar package name batik Low
Vendor jar package name ext Low
Product file name batik-awt-util High
Product gradle artifactid batik-awt-util Highest
Product pom description Batik AWT utilities Medium
Product pom parent-groupid org.apache.xmlgraphics Low
Product jar package name awt Low
Product pom artifactid batik-awt-util Highest
Product pom name org.apache.xmlgraphics:batik High
Product pom parent-artifactid batik Medium
Product jar package name batik Low
Product jar package name ext Low
Product pom groupid apache.xmlgraphics Low
Product central artifactid batik-awt-util Highest
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
batik-gvt-1.9.jar
Description: Batik Graphics Vector Tree (GVT)
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-gvt\1.9\58fc30896e7afdcc1e5af4e557fcc0e735c5072a\batik-gvt-1.9.jar
MD5: dff5aef888632956d6bc4b6308112a42
SHA1: 58fc30896e7afdcc1e5af4e557fcc0e735c5072a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name batik-gvt High
Vendor jar package name apache Low
Vendor pom description Batik Graphics Vector Tree (GVT) Medium
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor jar package name gvt Low
Vendor jar package name batik Low
Vendor pom artifactid batik-gvt Low
Product file name batik-gvt High
Product pom artifactid batik-gvt Highest
Product pom name org.apache.xmlgraphics:batik High
Product gradle artifactid batik-gvt Highest
Product pom parent-artifactid batik Medium
Product jar package name gvt Low
Product pom description Batik Graphics Vector Tree (GVT) Medium
Product central artifactid batik-gvt Highest
Product jar package name batik Low
Product pom parent-groupid org.apache.xmlgraphics Low
Product pom groupid apache.xmlgraphics Low
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
batik-transcoder-1.9.jar
Description: Batik SVG transcoder
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-transcoder\1.9\46856c150c278ee2d0dfb400fcc09bd75d25aecb\batik-transcoder-1.9.jar
MD5: 349bd5aa513d49bb47cc94bc09e31288
SHA1: 46856c150c278ee2d0dfb400fcc09bd75d25aecb
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor file name batik-transcoder High
Vendor pom description Batik SVG transcoder Medium
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor pom artifactid batik-transcoder Low
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor jar package name transcoder Low
Vendor jar package name batik Low
Product central artifactid batik-transcoder Highest
Product pom name org.apache.xmlgraphics:batik High
Product gradle artifactid batik-transcoder Highest
Product pom parent-artifactid batik Medium
Product jar package name transcoder Low
Product file name batik-transcoder High
Product pom description Batik SVG transcoder Medium
Product jar package name batik Low
Product pom parent-groupid org.apache.xmlgraphics Low
Product pom artifactid batik-transcoder Highest
Product pom groupid apache.xmlgraphics Low
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
batik-extension-1.9.jar
Description: Batik Extension Support
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-extension\1.9\2e1f5d9da672694274cb0f623f0011199aa57ef2\batik-extension-1.9.jar
MD5: 12b4dc000de1ffaebdd02a17369b9e56
SHA1: 2e1f5d9da672694274cb0f623f0011199aa57ef2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor file name batik-extension High
Vendor pom artifactid batik-extension Low
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor jar package name extension Low
Vendor jar package name batik Low
Vendor pom description Batik Extension Support Medium
Product central artifactid batik-extension Highest
Product file name batik-extension High
Product pom artifactid batik-extension Highest
Product jar package name svg Low
Product pom parent-groupid org.apache.xmlgraphics Low
Product pom name org.apache.xmlgraphics:batik High
Product jar package name extension Low
Product pom parent-artifactid batik Medium
Product jar package name batik Low
Product gradle artifactid batik-extension Highest
Product pom description Batik Extension Support Medium
Product pom groupid apache.xmlgraphics Low
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
batik-ext-1.9.jar
Description: Batik external code
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-ext\1.9\da90c9656f651df691c602285aa1ba40463326c1\batik-ext-1.9.jar
MD5: 482c8ee1087ca30918a155e5fb7bfb87
SHA1: da90c9656f651df691c602285aa1ba40463326c1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description Batik external code Medium
Vendor pom artifactid batik-ext Low
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor jar package name events Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor jar package name dom Low
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor jar package name w3c Low
Vendor file name batik-ext High
Product jar package name dom Low
Product pom name org.apache.xmlgraphics:batik High
Product file name batik-ext High
Product pom parent-artifactid batik Medium
Product pom description Batik external code Medium
Product gradle artifactid batik-ext Highest
Product pom artifactid batik-ext Highest
Product pom parent-groupid org.apache.xmlgraphics Low
Product jar package name events Low
Product pom groupid apache.xmlgraphics Low
Product central artifactid batik-ext Highest
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
avalon-framework-api-4.3.1.jar
Description: Avalon Framework API
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.avalon.framework\avalon-framework-api\4.3.1\2dacadeb49bc14420990b1f28897d46f96e2181d\avalon-framework-api-4.3.1.jar
MD5: 7c543869a7eb2bad323a54e873973acf
SHA1: 2dacadeb49bc14420990b1f28897d46f96e2181d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Avalon Framework API High
Vendor jar package name apache Low
Vendor gradle groupid org.apache.avalon.framework Highest
Vendor pom description Avalon Framework API Medium
Vendor pom parent-groupid org.apache.avalon Medium
Vendor pom groupid apache.avalon.framework Highest
Vendor jar package name framework Low
Vendor jar package name avalon Low
Vendor pom parent-artifactid avalon-framework Low
Vendor central groupid org.apache.avalon.framework Highest
Vendor pom artifactid avalon-framework-api Low
Vendor file name avalon-framework-api High
Product pom name Avalon Framework API High
Product central artifactid avalon-framework-api Highest
Product pom groupid apache.avalon.framework Low
Product pom description Avalon Framework API Medium
Product pom parent-artifactid avalon-framework Medium
Product pom artifactid avalon-framework-api Highest
Product gradle artifactid avalon-framework-api Highest
Product pom parent-groupid org.apache.avalon Low
Product jar package name framework Low
Product file name avalon-framework-api High
Product jar package name avalon Low
Version pom version 4.3.1 Highest
Version file version 4.3.1 Highest
Version central version 4.3.1 Highest
avalon-framework-impl-4.3.1.jar
Description: Avalon Framework Implementation
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.avalon.framework\avalon-framework-impl\4.3.1\2d5f5a07fd14513ce6d7a7bfaff69419c26dbd0b\avalon-framework-impl-4.3.1.jar
MD5: 004ac42a2cda8c444451ef187b24284f
SHA1: 2d5f5a07fd14513ce6d7a7bfaff69419c26dbd0b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid avalon-framework-impl Low
Vendor jar package name apache Low
Vendor gradle groupid org.apache.avalon.framework Highest
Vendor file name avalon-framework-impl High
Vendor pom parent-groupid org.apache.avalon Medium
Vendor pom groupid apache.avalon.framework Highest
Vendor jar package name framework Low
Vendor jar package name avalon Low
Vendor pom parent-artifactid avalon-framework Low
Vendor central groupid org.apache.avalon.framework Highest
Vendor pom name Avalon Framework Implementation High
Vendor pom description Avalon Framework Implementation Medium
Product pom artifactid avalon-framework-impl Highest
Product gradle artifactid avalon-framework-impl Highest
Product pom groupid apache.avalon.framework Low
Product pom parent-artifactid avalon-framework Medium
Product pom name Avalon Framework Implementation High
Product file name avalon-framework-impl High
Product central artifactid avalon-framework-impl Highest
Product pom parent-groupid org.apache.avalon Low
Product jar package name framework Low
Product pom description Avalon Framework Implementation Medium
Product jar package name avalon Low
Version pom version 4.3.1 Highest
Version file version 4.3.1 Highest
Version central version 4.3.1 Highest
xmlrpc-common-3.1.3.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlrpc\xmlrpc-common\3.1.3\415daf1f1473a947452588906dc9f5b3575fb44d\xmlrpc-common-3.1.3.jar
MD5: 22f90fb4f397b588b43a8b306167f371
SHA1: 415daf1f1473a947452588906dc9f5b3575fb44d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Apache XML-RPC Common Library High
Vendor gradle groupid org.apache.xmlrpc Highest
Vendor Manifest specification-vendor UserLand Software, Inc. Low
Vendor pom groupid apache.xmlrpc Highest
Vendor pom parent-groupid org.apache.xmlrpc Medium
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor central groupid org.apache.xmlrpc Highest
Vendor Manifest extension-name org.apache.xmlrpc Medium
Vendor pom artifactid xmlrpc-common Low
Vendor file name xmlrpc-common High
Vendor pom parent-artifactid xmlrpc Low
Product Manifest specification-title XML-RPC Medium
Product pom parent-groupid org.apache.xmlrpc Low
Product pom artifactid xmlrpc-common Highest
Product gradle artifactid xmlrpc-common Highest
Product Manifest extension-name org.apache.xmlrpc Medium
Product pom name Apache XML-RPC Common Library High
Product file name xmlrpc-common High
Product pom groupid apache.xmlrpc Low
Product central artifactid xmlrpc-common Highest
Product pom parent-artifactid xmlrpc Medium
Version central version 3.1.3 Highest
Version pom version 3.1.3 Highest
Version file version 3.1.3 Highest
Version Manifest Implementation-Version 3.1.3 High
Published Vulnerabilities
CVE-2016-5002
Severity: High
CVSS Score: 9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.
Vulnerable Software & Versions:
commons-configuration-1.10.jar
Description: Tools to assist in the reading of configuration/preferences files in various formats.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-configuration\commons-configuration\1.10\2b36e4adfb66d966c5aef2d73deb6be716389dc9\commons-configuration-1.10.jar
MD5: b16511ce540fefd53981245f5f21c5f8
SHA1: 2b36e4adfb66d966c5aef2d73deb6be716389dc9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor gradle groupid commons-configuration Highest
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor manifest Bundle-Description Tools to assist in the reading of configuration/preferences files in various formats. Medium
Vendor central groupid commons-configuration Highest
Vendor pom artifactid commons-configuration Low
Vendor pom url http://commons.apache.org/configuration/ Highest
Vendor Manifest implementation-build tags/CONFIGURATION_1_10RC2@r1535308; 2013-10-24 01:20:22-0700 Low
Vendor pom name Apache Commons Configuration High
Vendor Manifest bundle-docurl http://commons.apache.org/configuration/ Low
Vendor Manifest bundle-symbolicname org.apache.commons.configuration Medium
Vendor pom parent-artifactid commons-parent Low
Vendor pom groupid commons-configuration Highest
Vendor pom description Tools to assist in the reading of configuration/preferences files in various formats. Medium
Vendor file name commons-configuration High
Product pom parent-groupid org.apache.commons Low
Product pom artifactid commons-configuration Highest
Product Manifest Bundle-Name Apache Commons Configuration Medium
Product pom url http://commons.apache.org/configuration/ Medium
Product Manifest Implementation-Title Apache Commons Configuration High
Product central artifactid commons-configuration Highest
Product Manifest specification-title Apache Commons Configuration Medium
Product manifest Bundle-Description Tools to assist in the reading of configuration/preferences files in various formats. Medium
Product pom parent-artifactid commons-parent Medium
Product gradle artifactid commons-configuration Highest
Product Manifest implementation-build tags/CONFIGURATION_1_10RC2@r1535308; 2013-10-24 01:20:22-0700 Low
Product pom name Apache Commons Configuration High
Product Manifest bundle-docurl http://commons.apache.org/configuration/ Low
Product Manifest bundle-symbolicname org.apache.commons.configuration Medium
Product pom groupid commons-configuration Low
Product pom description Tools to assist in the reading of configuration/preferences files in various formats. Medium
Product file name commons-configuration High
Version pom version 1.10 Highest
Version Manifest Implementation-Version 1.10 High
Version file version 1.10 Highest
Version central version 1.10 Highest
commons-beanutils-core-1.8.3.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-beanutils\commons-beanutils-core\1.8.3\75812698e5e859f2cb587c622c4cdfcd61676426\commons-beanutils-core-1.8.3.jar
MD5: 944f66e681239c8353e8497920f1e5d3
SHA1: 75812698e5e859f2cb587c622c4cdfcd61676426
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom parent-groupid org.apache Medium
Vendor pom parent-artifactid apache Low
Vendor pom url http://commons.apache.org/beanutils/ Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom artifactid commons-beanutils-core Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor jar package name beanutils Low
Vendor pom name Commons BeanUtils Core High
Vendor pom groupid commons-beanutils Highest
Vendor file name commons-beanutils-core High
Vendor jar package name commons Low
Vendor central groupid commons-beanutils Highest
Vendor gradle groupid commons-beanutils Highest
Product pom parent-artifactid apache Medium
Product jar package name beanutils Low
Product pom name Commons BeanUtils Core High
Product gradle artifactid commons-beanutils-core Highest
Product file name commons-beanutils-core High
Product jar package name commons Low
Product Manifest Implementation-Title Commons BeanUtils Core High
Product central artifactid commons-beanutils-core Highest
Product pom groupid commons-beanutils Low
Product pom url http://commons.apache.org/beanutils/ Medium
Product pom artifactid commons-beanutils-core Highest
Product Manifest specification-title Commons BeanUtils Core Medium
Product pom parent-groupid org.apache Low
Version Manifest Implementation-Version 1.8.3 High
Version pom version 1.8.3 Highest
Version file version 1.8.3 Highest
Version central version 1.8.3 Highest
Published Vulnerabilities
CVE-2014-0114
Severity: High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Vulnerable Software & Versions:
log4j-1.2.17.jar
Description: Apache Log4j 1.2
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\log4j\log4j\1.2.17\5af35056b4d257e4b64b9e8069c0746e8b08629f\log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Apache Log4j 1.2 Medium
Vendor central groupid log4j Highest
Vendor pom url http://logging.apache.org/log4j/1.2/ Highest
Vendor pom name Apache Log4j High
Vendor manifest: org.apache.log4j Implementation-Vendor "Apache Software Foundation" Medium
Vendor Manifest bundle-symbolicname log4j Medium
Vendor pom groupid log4j Highest
Vendor pom organization name Apache Software Foundation High
Vendor pom artifactid log4j Low
Vendor file name log4j High
Vendor Manifest bundle-docurl http://logging.apache.org/log4j/1.2 Low
Vendor pom description Apache Log4j 1.2 Medium
Vendor pom organization url http://www.apache.org Medium
Vendor gradle groupid log4j Highest
Product manifest Bundle-Description Apache Log4j 1.2 Medium
Product pom artifactid log4j Highest
Product pom name Apache Log4j High
Product Manifest bundle-symbolicname log4j Medium
Product Manifest Bundle-Name Apache Log4j Medium
Product pom url http://logging.apache.org/log4j/1.2/ Medium
Product file name log4j High
Product Manifest bundle-docurl http://logging.apache.org/log4j/1.2 Low
Product pom description Apache Log4j 1.2 Medium
Product gradle artifactid log4j Highest
Product pom organization name Apache Software Foundation Low
Product pom groupid log4j Low
Product central artifactid log4j Highest
Product manifest: org.apache.log4j Implementation-Title log4j Medium
Product pom organization url http://www.apache.org Low
Version central version 1.2.17 Highest
Version pom version 1.2.17 Highest
Version file version 1.2.17 Highest
cpe: cpe:/a:apache:log4j:1.2.17
Confidence: Low
maven: log4j:log4j:1.2.17 ✓
Confidence: Highest
xom-1.2.5.jar
Description: The XOM Dual Streaming/Tree API for Processing XML
License:
The GNU Lesser General Public License, Version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\xom\xom\1.2.5\4166493b9f04e91b858ba4150b28b4d197f8f8ea\xom-1.2.5.jar
MD5: 91b16b5b53ae0804671a57dbf7623fad
SHA1: 4166493b9f04e91b858ba4150b28b4d197f8f8ea
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name nu Low
Vendor pom groupid xom Highest
Vendor central groupid xom Highest
Vendor jar package name xom Low
Vendor pom url http://xom.nu Highest
Vendor pom artifactid xom Low
Vendor file name xom High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.2 Low
Vendor Manifest bundle-symbolicname nu.xom Medium
Vendor pom name XOM High
Vendor Manifest Implementation-Vendor Elliotte Rusty Harold High
Vendor manifest: nu/xom/jaxen/ Implementation-Vendor CodeHaus Medium
Vendor manifest: nu/xom/ Implementation-Vendor Elliotte Rusty Harold Medium
Vendor pom description The XOM Dual Streaming/Tree API for Processing XML Medium
Vendor jar package name jaxen Low
Vendor gradle groupid xom Highest
Vendor Manifest specification-vendor Elliotte Rusty Harold Low
Product manifest: nu/xom/xinclude/ Implementation-Title nu.xom.xinclude Medium
Product gradle artifactid xom Highest
Product manifest: nu/xom/xinclude/ Specification-Title XOM XInclude engine Medium
Product jar package name xom Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.2 Low
Product Manifest bundle-symbolicname nu.xom Medium
Product pom groupid xom Low
Product Manifest specification-title XOM Medium
Product manifest: nu/xom/canonical/ Specification-Title XOM Canonical XML support Medium
Product pom artifactid xom Highest
Product jar package name jaxen Low
Product pom url http://xom.nu Medium
Product manifest: nu/xom/converters/ Specification-Title XOM converters to other object models Medium
Product central artifactid xom Highest
Product manifest: nu/xom/converters/ Implementation-Title nu.xom.converters Medium
Product manifest: nu/xom/jaxen/ Specification-Title Jaxen XPath engine Medium
Product file name xom High
Product manifest: nu/xom/ Specification-Title XOM core classes Medium
Product manifest: nu/xom/ Implementation-Title nu.xom Medium
Product pom name XOM High
Product manifest: nu/xom/xslt/ Implementation-Title nu.xom.xslt Medium
Product pom description The XOM Dual Streaming/Tree API for Processing XML Medium
Product Manifest Implementation-Title XOM High
Product manifest: nu/xom/xslt/ Specification-Title XOM XSLT interface Medium
Product manifest: nu/xom/canonical/ Implementation-Title nu.xom.canonical Medium
Product manifest: nu/xom/jaxen/ Implementation-Title org.jaxen Medium
Product Manifest Bundle-Name XOM Medium
Version pom version 1.2.5 Highest
Version Manifest Implementation-Version 1.2.5 High
Version file version 1.2.5 Highest
Version central version 1.2.5 Highest
bsh-core-2.0b4.jar
Description: BeanShell core
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.beanshell\bsh-core\2.0b4\495e25a99e29970ffe8ba0b1d551e1d1a9991fc1\bsh-core-2.0b4.jar
MD5: bab431f0908fde87034f0c34c6cf1e30
SHA1: 495e25a99e29970ffe8ba0b1d551e1d1a9991fc1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.beanshell Highest
Vendor hint analyzer vendor beanshell_project Highest
Vendor pom parent-groupid org.beanshell Medium
Vendor jar package name bsh Low
Vendor pom groupid beanshell Highest
Vendor pom description BeanShell core Medium
Vendor pom artifactid bsh-core Low
Vendor pom name BeanShell core High
Vendor file name bsh-core High
Vendor Manifest specification-vendor http://www.beanshell.org/ Low
Vendor gradle groupid org.beanshell Highest
Vendor pom parent-artifactid beanshell Low
Vendor Manifest Implementation-Vendor Pat Niemeyer (pat@pat.net) High
Product pom parent-artifactid beanshell Medium
Product central artifactid bsh-core Highest
Product pom groupid beanshell Low
Product hint analyzer product beanshell Highest
Product gradle artifactid bsh-core Highest
Product pom artifactid bsh-core Highest
Product pom description BeanShell core Medium
Product Manifest specification-title BeanShell core Medium
Product pom name BeanShell core High
Product file name bsh-core High
Product pom parent-groupid org.beanshell Low
Version file version 2.0.b4 Highest
Version pom version 2.0b4 Highest
Version central version 2.0b4 Highest
Published Vulnerabilities
CVE-2016-2510
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Handling
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
antisamy-1.5.3.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.owasp.antisamy\antisamy\1.5.3\7538ad2b1afb74e74cc419e8c7b87abfd5526251\antisamy-1.5.3.jar
MD5: bb91c92518ed27bea05ccfd445ec3424
SHA1: 7538ad2b1afb74e74cc419e8c7b87abfd5526251
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid antisamy-project Low
Vendor pom name OWASP AntiSamy High
Vendor Manifest Implementation-Vendor The Open Web Application Security Project (OWASP) High
Vendor file name antisamy High
Vendor pom groupid owasp.antisamy Highest
Vendor Manifest Implementation-Vendor-Id org.owasp.antisamy Medium
Vendor pom artifactid antisamy Low
Vendor central groupid org.owasp.antisamy Highest
Vendor pom parent-groupid org.owasp.antisamy Medium
Vendor gradle groupid org.owasp.antisamy Highest
Product pom name OWASP AntiSamy High
Product file name antisamy High
Product central artifactid antisamy Highest
Product pom parent-artifactid antisamy-project Medium
Product pom artifactid antisamy Highest
Product gradle artifactid antisamy Highest
Product Manifest Implementation-Title OWASP AntiSamy High
Product pom groupid owasp.antisamy Low
Product pom parent-groupid org.owasp.antisamy Low
Version pom version 1.5.3 Highest
Version central version 1.5.3 Highest
Version file version 1.5.3 Highest
Version Manifest Implementation-Version 1.5.3 High
Published Vulnerabilities
CVE-2016-10006
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
CVE-2017-14735
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.
spring-core-4.2.3.RELEASE.jar
Description: Spring Core
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-core\4.2.3.RELEASE\3ed00dad7a16b2a28df9348294f6a67151f43cf6\spring-core-4.2.3.RELEASE.jar
MD5: d32fdda47ac7d787d10d19c0f1129d6f
SHA1: 3ed00dad7a16b2a28df9348294f6a67151f43cf6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor hint analyzer vendor pivotal software High
Vendor hint analyzer vendor SpringSource High
Vendor jar package name springframework Low
Vendor pom description Spring Core Medium
Vendor pom name Spring Core High
Vendor pom groupid springframework Highest
Vendor pom url spring-projects/spring-framework Highest
Vendor hint analyzer vendor vmware High
Vendor central groupid org.springframework Highest
Vendor pom organization url http://projects.spring.io/spring-framework Medium
Vendor pom artifactid spring-core Low
Vendor file name spring-core High
Vendor pom organization name Spring IO High
Vendor gradle groupid org.springframework Highest
Product central artifactid spring-core Highest
Product pom description Spring Core Medium
Product pom name Spring Core High
Product Manifest Implementation-Title spring-core High
Product pom artifactid spring-core Highest
Product pom url spring-projects/spring-framework High
Product pom groupid springframework Low
Product hint analyzer product springsource_spring_framework High
Product pom organization name Spring IO Low
Product gradle artifactid spring-core Highest
Product pom organization url http://projects.spring.io/spring-framework Low
Product file name spring-core High
Version central version 4.2.3.RELEASE Highest
Version Manifest Implementation-Version 4.2.3.RELEASE High
Version pom version 4.2.3.RELEASE Highest
Published Vulnerabilities
CVE-2016-5007
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
CVE-2016-9878
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
viewservlets-4.5.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\viewservlets\4.5.0\59c773f6cd138d08b18c47ed2c1581283f573fd\viewservlets-4.5.0.jar
MD5: fca067702a5dcaaa9715924cbd616735
SHA1: 059c773f6cd138d08b18c47ed2c1581283f573fd
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid viewservlets Low
Vendor pom name viewservlets.jar High
Vendor jar package name report Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor file name viewservlets High
Vendor jar package name birt Low
Vendor jar package name eclipse Low
Vendor pom groupid eclipse.birt.runtime Highest
Product gradle artifactid viewservlets Highest
Product pom name viewservlets.jar High
Product central artifactid viewservlets Highest
Product jar package name report Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product pom description A component of the BIRT runtime Medium
Product file name viewservlets High
Product pom artifactid viewservlets Highest
Product jar package name birt Low
Version pom version 4.5.0 Highest
Version central version 4.5.0 Highest
Version file version 4.5.0 Highest
tomcat-embed-websocket-8.5.23.jar
Description: Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat.embed\tomcat-embed-websocket\8.5.23\52f07abcae10dc7e1764304b0877def175c2c833\tomcat-embed-websocket-8.5.23.jar
MD5: 03ac519ccda43a838b7b4aeb9ca2f1b5
SHA1: 52f07abcae10dc7e1764304b0877def175c2c833
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor jar package name tomcat Low
Vendor pom description Core Tomcat implementation Medium
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor gradle groupid org.apache.tomcat.embed Highest
Vendor pom url http://tomcat.apache.org/ Highest
Vendor central groupid org.apache.tomcat.embed Highest
Vendor pom artifactid tomcat-embed-websocket Low
Vendor file name tomcat-embed-websocket High
Vendor pom groupid apache.tomcat.embed Highest
Vendor Manifest specification-vendor Apache Software Foundation Low
Vendor jar package name websocket Low
Product jar package name tomcat Low
Product central artifactid tomcat-embed-websocket Highest
Product pom groupid apache.tomcat.embed Low
Product pom description Core Tomcat implementation Medium
Product file name tomcat-embed-websocket High
Product Manifest Implementation-Title Apache Tomcat High
Product jar package name websocket Low
Product pom artifactid tomcat-embed-websocket Highest
Product pom url http://tomcat.apache.org/ Medium
Product gradle artifactid tomcat-embed-websocket Highest
Product Manifest specification-title Apache Tomcat Medium
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
cas-server-core-3.3.5.jar
Description: CAS core
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jasig.cas\cas-server-core\3.3.5\c47163c27b1a7617af14182c168d2b5b54cdd66\cas-server-core-3.3.5.jar
MD5: 14e8ad0fdfb00b8213bfdd2c36304e59
SHA1: 0c47163c27b1a7617af14182c168d2b5b54cdd66
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid jasig.cas Highest
Vendor gradle groupid org.jasig.cas Highest
Vendor pom description CAS core Medium
Vendor pom parent-groupid org.jasig.cas Medium
Vendor file name cas-server-core High
Vendor pom parent-artifactid cas-server Low
Vendor pom artifactid cas-server-core Low
Vendor Manifest Implementation-Vendor-Id org.jasig.cas Medium
Vendor Manifest Implementation-Vendor Java Architectures Special Interest Group High
Vendor pom name JA-SIG CAS Core High
Vendor central groupid org.jasig.cas Highest
Product central artifactid cas-server-core Highest
Product gradle artifactid cas-server-core Highest
Product pom parent-groupid org.jasig.cas Low
Product Manifest Implementation-Title JA-SIG CAS Core High
Product pom artifactid cas-server-core Highest
Product pom description CAS core Medium
Product file name cas-server-core High
Product pom groupid jasig.cas Low
Product pom name JA-SIG CAS Core High
Product pom parent-artifactid cas-server Medium
Version central version 3.3.5 Highest
Version file version 3.3.5 Highest
Version pom version 3.3.5 Highest
Version Manifest Implementation-Version 3.3.5 High
lucene-core-7.1.0.jar
Description: Apache Lucene Java Core
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-core\7.1.0\dd291b7ebf4845483895724d2562214dc7f40049\lucene-core-7.1.0.jar
MD5: a1596d6e0ceaba84b24fec5b92fc0b96
SHA1: dd291b7ebf4845483895724d2562214dc7f40049
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom artifactid lucene-core Low
Vendor gradle groupid org.apache.lucene Highest
Vendor file name lucene-core High
Vendor pom description Apache Lucene Java Core Medium
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor pom name Lucene Core High
Vendor jar package name lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product file name lucene-core High
Product gradle artifactid lucene-core Highest
Product pom description Apache Lucene Java Core Medium
Product Manifest specification-title Lucene Search Engine: core Medium
Product central artifactid lucene-core Highest
Product pom artifactid lucene-core Highest
Product pom name Lucene Core High
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-queryparser-7.1.0.jar
Description: Lucene QueryParsers module
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-queryparser\7.1.0\5767c15c5ee97926829fd8a4337e434fa95f3c08\lucene-queryparser-7.1.0.jar
MD5: 9e237c2fb539d5061f98c74d478d46f2
SHA1: 5767c15c5ee97926829fd8a4337e434fa95f3c08
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor pom description Lucene QueryParsers module Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor file name lucene-queryparser High
Vendor pom name Lucene QueryParsers High
Vendor pom artifactid lucene-queryparser Low
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor jar package name queryparser Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product central artifactid lucene-queryparser Highest
Product pom groupid apache.lucene Low
Product pom description Lucene QueryParsers module Medium
Product Manifest Implementation-Title org.apache.lucene High
Product pom artifactid lucene-queryparser Highest
Product file name lucene-queryparser High
Product jar package name flexible Low
Product pom name Lucene QueryParsers High
Product Manifest specification-title Lucene Search Engine: queryparser Medium
Product jar package name queryparser Low
Product pom parent-artifactid lucene-parent Medium
Product gradle artifactid lucene-queryparser Highest
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-analyzers-common-7.1.0.jar
Description: Additional Analyzers
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-analyzers-common\7.1.0\a508bf6b580471ee568dab7d2acfedfa5aadce70\lucene-analyzers-common-7.1.0.jar
MD5: bf0e8f0fec0b8a4ebe808d3373f53217
SHA1: a508bf6b580471ee568dab7d2acfedfa5aadce70
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name apache Low
Vendor pom description Additional Analyzers Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor pom artifactid lucene-analyzers-common Low
Vendor file name lucene-analyzers-common High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name analysis Low
Vendor pom name Lucene Common Analyzers High
Vendor jar package name lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product pom description Additional Analyzers Medium
Product gradle artifactid lucene-analyzers-common Highest
Product pom groupid apache.lucene Low
Product file name lucene-analyzers-common High
Product Manifest Implementation-Title org.apache.lucene High
Product Manifest specification-title Lucene Search Engine: analyzers-common Medium
Product pom artifactid lucene-analyzers-common Highest
Product jar package name analysis Low
Product pom name Lucene Common Analyzers High
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product central artifactid lucene-analyzers-common Highest
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
jug-2.0.0-asl.jar
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
GNU Lesser General Public License v2.1: http://www.gnu.org/licenses/lgpl.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.safehaus.jug\jug\2.0.0\adf11f76e51f057e9d6903dd9a916162620386c9\jug-2.0.0-asl.jar
MD5: fe4231b92c5e4ffdc6ec308a9fd23f6a
SHA1: adf11f76e51f057e9d6903dd9a916162620386c9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Java UUID Generator High
Vendor central groupid org.safehaus.jug Highest
Vendor jar package name uuid Low
Vendor pom groupid safehaus.jug Highest
Vendor Manifest Implementation-Vendor www.safehaus.org High
Vendor pom url http://jug.safehaus.org/ Highest
Vendor file name jug High
Vendor pom artifactid jug Low
Vendor gradle groupid org.safehaus.jug Highest
Vendor Manifest specification-vendor http://hegel.ittc.ku.edu/topics/internet/internet-drafts/draft-l/draft-leach-uuids-guids-01.txt Low
Vendor jar package name safehaus Low
Product pom name Java UUID Generator High
Product jar package name uuid Low
Product central artifactid jug Highest
Product Manifest specification-title UUID specification Medium
Product Manifest Implementation-Title Java Uuid/guid Generator High
Product file name jug High
Product pom url http://jug.safehaus.org/ Medium
Product pom artifactid jug Highest
Product gradle artifactid jug Highest
Product pom groupid safehaus.jug Low
Version pom version 2.0.0 Highest
Version file version 2.0.0 Highest
Version Manifest Implementation-Version 2.0.0 High
Version central version 2.0.0 Highest
maven: org.safehaus.jug:jug:2.0.0
Confidence: Highest
poi-excelant-3.14.jar
Description: Apache POI Excel Ant Tasks
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-excelant\3.14\49ded0a5f84a755ca7bce99ffe11fe6a972cb077\poi-excelant-3.14.jar
MD5: 5bad3dfa695bd5bc24560c9abc54e74e
SHA1: 49ded0a5f84a755ca7bce99ffe11fe6a972cb077
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.poi Highest
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom description Apache POI Excel Ant Tasks Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor central groupid org.apache.poi Highest
Vendor pom organization url http://www.apache.org/ Medium
Vendor Manifest Implementation-Vendor-Id org.apache.poi Medium
Vendor pom organization name Apache Software Foundation High
Vendor pom url http://poi.apache.org/ Highest
Vendor pom groupid apache.poi Highest
Vendor jar package name ss Low
Vendor pom name Apache POI High
Vendor jar package name poi Low
Vendor pom artifactid poi-excelant Low
Vendor file name poi-excelant High
Product pom groupid apache.poi Low
Product gradle artifactid poi-excelant Highest
Product jar package name excelant Low
Product pom description Apache POI Excel Ant Tasks Medium
Product Manifest Implementation-Title Apache POI High
Product Manifest specification-title Apache POI Medium
Product pom artifactid poi-excelant Highest
Product pom organization url http://www.apache.org/ Low
Product central artifactid poi-excelant Highest
Product jar package name ss Low
Product pom name Apache POI High
Product pom organization name Apache Software Foundation Low
Product pom url http://poi.apache.org/ Medium
Product jar package name poi Low
Product file name poi-excelant High
Version central version 3.14 Highest
Version Manifest Implementation-Version 3.14 High
Version pom version 3.14 Highest
Version file version 3.14 Highest
Published Vulnerabilities
CVE-2017-5644
Severity: High
CVSS Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
solr-core-7.1.0.jar
Description: Apache Solr Core
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.solr\solr-core\7.1.0\d47b6cc1a67e69e4570aa158fb8acd4c6695ed3f\solr-core-7.1.0.jar
MD5: a1a421c3c1683ce522447b2c6582fef0
SHA1: d47b6cc1a67e69e4570aa158fb8acd4c6695ed3f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.solr Medium
Vendor jar package name apache Low
Vendor pom name Apache Solr Core High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.solr Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description Apache Solr Core Medium
Vendor gradle groupid org.apache.solr Highest
Vendor pom groupid apache.solr Highest
Vendor pom artifactid solr-core Low
Vendor file name solr-core High
Vendor pom parent-artifactid solr-parent Low
Vendor jar package name solr Low
Vendor pom parent-groupid org.apache.solr Medium
Product Manifest extension-name org.apache.solr Medium
Product Manifest specification-title Apache Solr Search Server: solr-core Medium
Product pom name Apache Solr Core High
Product pom artifactid solr-core Highest
Product pom parent-artifactid solr-parent Medium
Product Manifest Implementation-Title org.apache.solr High
Product pom description Apache Solr Core Medium
Product file name solr-core High
Product gradle artifactid solr-core Highest
Product jar package name solr Low
Product pom groupid apache.solr Low
Product pom parent-groupid org.apache.solr Low
Product central artifactid solr-core Highest
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
hamcrest-core-1.3.jar
Description:
This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hamcrest\hamcrest-core\1.3\42a25dc3219429f0e5d060061f71acb49bf010a0\hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
junitReport
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.hamcrest Highest
Vendor pom name Hamcrest Core High
Vendor pom parent-artifactid hamcrest-parent Low
Vendor pom groupid hamcrest Highest
Vendor jar package name hamcrest Low
Vendor pom parent-groupid org.hamcrest Medium
Vendor file name hamcrest-core High
Vendor central groupid org.hamcrest Highest
Vendor pom artifactid hamcrest-core Low
Vendor Manifest built-date 2012-07-09 19:49:34 Low
Vendor Manifest Implementation-Vendor hamcrest.org High
Vendor pom description This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations. Low
Product central artifactid hamcrest-core Highest
Product file name hamcrest-core High
Product pom parent-groupid org.hamcrest Low
Product pom artifactid hamcrest-core Highest
Product pom parent-artifactid hamcrest-parent Medium
Product pom name Hamcrest Core High
Product Manifest Implementation-Title hamcrest-core High
Product gradle artifactid hamcrest-core Highest
Product pom groupid hamcrest Low
Product Manifest built-date 2012-07-09 19:49:34 Low
Product pom description This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations. Low
Version pom version 1.3 Highest
Version file version 1.3 Highest
Version Manifest Implementation-Version 1.3 High
Version central version 1.3 Highest
ant-launcher-1.10.1.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant-launcher\1.10.1\7811ccc3f0d8612e402f47581915c34b2bfa8c76\ant-launcher-1.10.1.jar
MD5: 9ef34c7d46f39c1aca11dc625ef2a0fc
SHA1: 7811ccc3f0d8612e402f47581915c34b2bfa8c76
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor jar package name ant Low
Vendor pom name Apache Ant Launcher High
Vendor gradle groupid org.apache.ant Highest
Vendor central groupid org.apache.ant Highest
Vendor pom parent-groupid org.apache.ant Medium
Vendor pom url http://ant.apache.org/ Highest
Vendor pom parent-artifactid ant-parent Low
Vendor jar package name tools Low
Vendor pom artifactid ant-launcher Low
Vendor file name ant-launcher High
Vendor pom groupid apache.ant Highest
Product pom groupid apache.ant Low
Product jar package name ant Low
Product pom artifactid ant-launcher Highest
Product pom name Apache Ant Launcher High
Product pom parent-artifactid ant-parent Medium
Product central artifactid ant-launcher Highest
Product jar package name tools Low
Product gradle artifactid ant-launcher Highest
Product file name ant-launcher High
Product pom url http://ant.apache.org/ Medium
Product jar package name launch Low
Product pom parent-groupid org.apache.ant Low
Version file version 1.10.1 Highest
Version central version 1.10.1 Highest
Version pom version 1.10.1 Highest
geronimo-activation_1.1_spec-1.1.jar
Description: Java Activation Spec API 1.1
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-activation_1.1_spec\1.1\f15af1b53fba7f23ce5e9de4fb57a88585aa9eee\geronimo-activation_1.1_spec-1.1.jar
MD5: 6f2756f073402855a1567c1523f66b9b
SHA1: f15af1b53fba7f23ce5e9de4fb57a88585aa9eee
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor pom url http://geronimo.apache.org/maven/${siteId}/${version} Highest
Vendor pom name Activation 1.1 High
Vendor pom description Java Activation Spec API 1.1 Medium
Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-activation_1.1_spec;singleton=true Medium
Vendor file name geronimo-activation_1.1_spec-1.1 High
Vendor pom parent-groupid org.apache.geronimo.genesis Medium
Vendor Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-activation_1.1_spec/1.1 Low
Vendor central groupid org.apache.geronimo.specs Highest
Vendor manifest Bundle-Description Java Activation Spec API 1.1 Medium
Vendor pom artifactid geronimo-activation_1.1_spec Low
Vendor pom parent-artifactid genesis-java5-flava Low
Vendor gradle groupid org.apache.geronimo.specs Highest
Vendor pom groupid apache.geronimo.specs Highest
Product pom name Activation 1.1 High
Product pom description Java Activation Spec API 1.1 Medium
Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-activation_1.1_spec;singleton=true Medium
Product Manifest specification-title JSR-925 Java Activation Framework 1.1 Medium
Product pom artifactid geronimo-activation_1.1_spec Highest
Product pom groupid apache.geronimo.specs Low
Product central artifactid geronimo-activation_1.1_spec Highest
Product Manifest Implementation-Title Activation 1.1 High
Product pom url http://geronimo.apache.org/maven/${siteId}/${version} Medium
Product file name geronimo-activation_1.1_spec-1.1 High
Product Manifest Bundle-Name Activation 1.1 Medium
Product Manifest bundle-docurl http://geronimo.apache.org/maven/specs/geronimo-activation_1.1_spec/1.1 Low
Product pom parent-groupid org.apache.geronimo.genesis Low
Product manifest Bundle-Description Java Activation Spec API 1.1 Medium
Product pom parent-artifactid genesis-java5-flava Medium
Product gradle artifactid geronimo-activation_1.1_spec Highest
Version central version 1.1 Highest
Version pom version 1.1 Highest
Version Manifest Implementation-Version 1.1 High
jaxen-1.1.6.jar
Description: Jaxen is a universal Java XPath engine.
License:
http://jaxen.codehaus.org/license.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\jaxen\jaxen\1.1.6\3f8c36d9a0578e8e98f030c662b69888b1430ac0\jaxen-1.1.6.jar
MD5: a140517286b56eea981e188dcc3a13f6
SHA1: 3f8c36d9a0578e8e98f030c662b69888b1430ac0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid jaxen Highest
Vendor pom description Jaxen is a universal Java XPath engine. Medium
Vendor pom artifactid jaxen Low
Vendor file name jaxen High
Vendor Manifest bundle-docurl http://codehaus.org Low
Vendor pom organization url http://codehaus.org Medium
Vendor pom organization name Codehaus High
Vendor pom name jaxen High
Vendor gradle groupid jaxen Highest
Vendor manifest Bundle-Description Jaxen is a universal Java XPath engine. Medium
Vendor central groupid jaxen Highest
Vendor pom url http://jaxen.codehaus.org/ Highest
Vendor Manifest bundle-symbolicname jaxen Medium
Product pom description Jaxen is a universal Java XPath engine. Medium
Product file name jaxen High
Product Manifest Bundle-Name jaxen Medium
Product pom organization name Codehaus Low
Product Manifest bundle-docurl http://codehaus.org Low
Product pom organization url http://codehaus.org Low
Product gradle artifactid jaxen Highest
Product pom groupid jaxen Low
Product central artifactid jaxen Highest
Product pom name jaxen High
Product pom artifactid jaxen Highest
Product manifest Bundle-Description Jaxen is a universal Java XPath engine. Medium
Product pom url http://jaxen.codehaus.org/ Medium
Product Manifest bundle-symbolicname jaxen Medium
Version pom version 1.1.6 Highest
Version file version 1.1.6 Highest
Version central version 1.1.6 Highest
geronimo-stax-api_1.0_spec-1.0.1.jar
Description: Provides open-source implementations of Sun specifications.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-stax-api_1.0_spec\1.0.1\1c171093a8b43aa550c6050ac441abe713ebb4f2\geronimo-stax-api_1.0_spec-1.0.1.jar
MD5: b7c2a715cd3d1c43dc4ccfae426e8e2e
SHA1: 1c171093a8b43aa550c6050ac441abe713ebb4f2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid geronimo-stax-api_1.0_spec Low
Vendor file name geronimo-stax-api_1.0_spec-1.0.1 High
Vendor pom parent-artifactid specs Low
Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-stax-api_1.0_spec Medium
Vendor manifest Bundle-Description Provides open-source implementations of Sun specifications. Medium
Vendor central groupid org.apache.geronimo.specs Highest
Vendor pom name Streaming API for XML (STAX API 1.0) High
Vendor pom parent-groupid org.apache.geronimo.specs Medium
Vendor gradle groupid org.apache.geronimo.specs Highest
Vendor pom groupid apache.geronimo.specs Highest
Vendor Manifest bundle-docurl http://www.apache.org Low
Product Manifest Implementation-Title Apache Geronimo High
Product pom artifactid geronimo-stax-api_1.0_spec Highest
Product manifest Bundle-Description Provides open-source implementations of Sun specifications. Medium
Product pom parent-artifactid specs Medium
Product central artifactid geronimo-stax-api_1.0_spec Highest
Product pom groupid apache.geronimo.specs Low
Product Manifest Bundle-Name geronimo-stax-api_1.0_spec Medium
Product pom parent-groupid org.apache.geronimo.specs Low
Product gradle artifactid geronimo-stax-api_1.0_spec Highest
Product file name geronimo-stax-api_1.0_spec-1.0.1 High
Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-stax-api_1.0_spec Medium
Product pom name Streaming API for XML (STAX API 1.0) High
Product Manifest bundle-docurl http://www.apache.org Low
Version pom version 1.0.1 Highest
Version Manifest Implementation-Version 1.0.1 High
Version central version 1.0.1 Highest
httpcore-4.4.6.jar
Description:
Apache HttpComponents Core (blocking I/O)
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpcore\4.4.6\e3fd8ced1f52c7574af952e2e6da0df8df08eb82\httpcore-4.4.6.jar
MD5: a9fbd503e0802507efeeaffb56bbdf52
SHA1: e3fd8ced1f52c7574af952e2e6da0df8df08eb82
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.httpcomponents Medium
Vendor gradle groupid org.apache.httpcomponents Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest url http://hc.apache.org/httpcomponents-core-ga Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low
Vendor Manifest implementation-build tags/4.4.6-RC1/httpcore@r1777789; 2017-01-07 14:48:48+0100 Low
Vendor pom artifactid httpcore Low
Vendor central groupid org.apache.httpcomponents Highest
Vendor file name httpcore High
Vendor pom groupid apache.httpcomponents Highest
Vendor pom parent-artifactid httpcomponents-core Low
Vendor pom description Apache HttpComponents Core (blocking I/O) Medium
Vendor pom name Apache HttpCore High
Vendor pom url http://hc.apache.org/httpcomponents-core-ga Highest
Product Manifest Implementation-Title HttpComponents Apache HttpCore High
Product pom artifactid httpcore Highest
Product pom parent-groupid org.apache.httpcomponents Low
Product pom groupid apache.httpcomponents Low
Product pom url http://hc.apache.org/httpcomponents-core-ga Medium
Product Manifest url http://hc.apache.org/httpcomponents-core-ga Low
Product Manifest implementation-url http://hc.apache.org/httpcomponents-core-ga Low
Product Manifest specification-title HttpComponents Apache HttpCore Medium
Product central artifactid httpcore Highest
Product Manifest implementation-build tags/4.4.6-RC1/httpcore@r1777789; 2017-01-07 14:48:48+0100 Low
Product file name httpcore High
Product gradle artifactid httpcore Highest
Product pom parent-artifactid httpcomponents-core Medium
Product pom description Apache HttpComponents Core (blocking I/O) Medium
Product pom name Apache HttpCore High
Version pom version 4.4.6 Highest
Version central version 4.4.6 Highest
Version Manifest Implementation-Version 4.4.6 High
Version file version 4.4.6 Highest
shiro-crypto-core-1.4.0.jar
Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.shiro\shiro-crypto-core\1.4.0\7049325bba697985eee924eda03cb7971af1b808\shiro-crypto-core-1.4.0.jar
MD5: 53fc38f4845087acf364bcf9a507fdd7
SHA1: 7049325bba697985eee924eda03cb7971af1b808
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid shiro-crypto-core Low
Vendor file name shiro-crypto-core High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid shiro-root Low
Vendor pom parent-groupid org.apache.shiro Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom groupid apache.shiro Highest
Vendor pom name Apache Shiro :: Cryptography :: Core High
Vendor gradle groupid org.apache.shiro Highest
Vendor Manifest bundle-symbolicname org.apache.shiro.crypto.core Medium
Vendor Manifest Implementation-Vendor-Id org.apache.shiro Medium
Vendor central groupid org.apache.shiro Highest
Product gradle artifactid shiro-crypto-core Highest
Product file name shiro-crypto-core High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest Bundle-Name Apache Shiro :: Cryptography :: Core Medium
Product manifest Bundle-Description Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. Low
Product pom parent-groupid org.apache.shiro Low
Product pom parent-artifactid shiro-root Medium
Product pom groupid apache.shiro Low
Product central artifactid shiro-crypto-core Highest
Product Manifest specification-title Apache Shiro :: Cryptography :: Core Medium
Product Manifest bundle-docurl https://www.apache.org/ Low
Product pom name Apache Shiro :: Cryptography :: Core High
Product pom artifactid shiro-crypto-core Highest
Product Manifest bundle-symbolicname org.apache.shiro.crypto.core Medium
Product Manifest Implementation-Title Apache Shiro :: Cryptography :: Core High
Version file version 1.4.0 Highest
Version central version 1.4.0 Highest
Version Manifest Implementation-Version 1.4.0 High
Version pom version 1.4.0 Highest
commons-lang-2.6.jar
Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-lang\commons-lang\2.6\ce1edb914c94ebc388f086c6827e8bdeec71ac2\commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid commons-lang Highest
Vendor pom description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Vendor central groupid commons-lang Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom name Commons Lang High
Vendor manifest Bundle-Description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Vendor pom url http://commons.apache.org/lang/ Highest
Vendor gradle groupid commons-lang Highest
Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low
Vendor pom parent-artifactid commons-parent Low
Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium
Vendor file name commons-lang High
Vendor pom artifactid commons-lang Low
Product pom parent-groupid org.apache.commons Low
Product pom description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Product pom url http://commons.apache.org/lang/ Medium
Product gradle artifactid commons-lang Highest
Product pom artifactid commons-lang Highest
Product pom name Commons Lang High
Product manifest Bundle-Description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Product pom groupid commons-lang Low
Product pom parent-artifactid commons-parent Medium
Product central artifactid commons-lang Highest
Product Manifest Bundle-Name Commons Lang Medium
Product Manifest bundle-docurl http://commons.apache.org/lang/ Low
Product Manifest Implementation-Title Commons Lang High
Product Manifest bundle-symbolicname org.apache.commons.lang Medium
Product file name commons-lang High
Product Manifest specification-title Commons Lang Medium
Version file version 2.6 Highest
Version central version 2.6 Highest
Version Manifest Implementation-Version 2.6 High
Version pom version 2.6 Highest
pdfbox-debugger-2.0.6.jar
Description:
The Apache PDFBox library is an open source Java tool for working with PDF documents.
This artefact contains the PDFDebugger.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\pdfbox-debugger\2.0.6\8691431b419692d58640de8428ce35d03fa1770d\pdfbox-debugger-2.0.6.jar
MD5: a5773eac13e69854c96d14d9bad37191
SHA1: 8691431b419692d58640de8428ce35d03fa1770d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.pdfbox Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom name Apache PDFBox Debugger High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.pdfbox Highest
Vendor pom artifactid pdfbox-debugger Low
Vendor file name pdfbox-debugger High
Vendor Manifest Implementation-Vendor-Id org.apache.pdfbox Medium
Vendor central groupid org.apache.pdfbox Highest
Vendor pom parent-artifactid pdfbox-parent Low
Vendor pom groupid apache.pdfbox Highest
Vendor pom description The Apache PDFBox library is an open source Java tool for working with PDF documents. This artefact contains the PDFDebugger. Low
Product file name pdfbox-debugger High
Product pom parent-groupid org.apache.pdfbox Low
Product Manifest Implementation-Title Apache PDFBox Debugger High
Product gradle artifactid pdfbox-debugger Highest
Product pom groupid apache.pdfbox Low
Product pom artifactid pdfbox-debugger Highest
Product Manifest specification-title Apache PDFBox Debugger Medium
Product pom parent-artifactid pdfbox-parent Medium
Product central artifactid pdfbox-debugger Highest
Product pom name Apache PDFBox Debugger High
Product pom description The Apache PDFBox library is an open source Java tool for working with PDF documents. This artefact contains the PDFDebugger. Low
Version pom version 2.0.6 Highest
Version Manifest Implementation-Version 2.0.6 High
Version file version 2.0.6 Highest
Version central version 2.0.6 Highest
bcpkix-jdk15on-1.54.jar
Description: The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.bouncycastle\bcpkix-jdk15on\1.54\b11bfee99bb11eea344de6e4a07fe89212c55c02\bcpkix-jdk15on-1.54.jar
MD5: ea8e906cfcda284d0ae934b82863862d
SHA1: b11bfee99bb11eea344de6e4a07fe89212c55c02
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest originally-created-by 24.91-b01 (Oracle Corporation) Low
Vendor Manifest caller-allowable-codebase * Low
Vendor pom url http://www.bouncycastle.org/java.html Highest
Vendor file name bcpkix-jdk15on High
Vendor Manifest application-library-allowable-codebase * Low
Vendor Manifest specification-vendor BouncyCastle.org Low
Vendor gradle groupid org.bouncycastle Highest
Vendor jar package name bouncycastle Low
Vendor Manifest extension-name org.bouncycastle.bcpkix Medium
Vendor Manifest application-name Bouncy Castle PKIX API Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8, JavaSE-1.9 Low
Vendor Manifest Implementation-Vendor-Id org.bouncycastle Medium
Vendor central groupid org.bouncycastle Highest
Vendor pom artifactid bcpkix-jdk15on Low
Vendor Manifest permissions all-permissions Low
Vendor pom groupid bouncycastle Highest
Vendor pom description The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider ... Low
Vendor Manifest bundle-symbolicname bcpkix Medium
Vendor Manifest Implementation-Vendor BouncyCastle.org High
Vendor Manifest codebase * Low
Vendor pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High
Product Manifest originally-created-by 24.91-b01 (Oracle Corporation) Low
Product Manifest caller-allowable-codebase * Low
Product pom groupid bouncycastle Low
Product file name bcpkix-jdk15on High
Product gradle artifactid bcpkix-jdk15on Highest
Product Manifest application-library-allowable-codebase * Low
Product Manifest extension-name org.bouncycastle.bcpkix Medium
Product Manifest application-name Bouncy Castle PKIX API Medium
Product Manifest Bundle-Name bcpkix Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8, JavaSE-1.9 Low
Product Manifest permissions all-permissions Low
Product pom description The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider ... Low
Product pom url http://www.bouncycastle.org/java.html Medium
Product pom artifactid bcpkix-jdk15on Highest
Product Manifest bundle-symbolicname bcpkix Medium
Product central artifactid bcpkix-jdk15on Highest
Product Manifest codebase * Low
Product pom name Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs High
Version pom version 1.54 Highest
Version Manifest Implementation-Version 1.54.0 High
Version file version 1.54 Highest
Version central version 1.54 Highest
xmpcore-5.1.2.jar
Description:
The XMP Library for Java is based on the C++ XMPCore library
and the API is similar.
License:
The BSD License: http://www.adobe.com/devnet/xmp/library/eula-xmp-library-java.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.adobe.xmp\xmpcore\5.1.2\55615fa2582424e38705487d1d3969af8554f637\xmpcore-5.1.2.jar
MD5: 0b2cf2a09d32abdedd17de864e93ad25
SHA1: 55615fa2582424e38705487d1d3969af8554f637
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description The XMP Library for Java is based on the C++ XMPCore library and the API is similar. Medium
Vendor central groupid com.adobe.xmp Highest
Vendor pom url http://www.adobe.com/devnet/xmp.html Highest
Vendor pom name XMP Library for Java High
Vendor jar package name adobe Low
Vendor Manifest implementation-engbuild 003 Low
Vendor pom artifactid xmpcore Low
Vendor file name xmpcore High
Vendor Manifest implementation-micro 1 Low
Vendor Manifest implementation-major 5 Low
Vendor Manifest Implementation-Vendor Copyright 2006-2009 Adobe Systems Incorporated. All rights reserved High
Vendor gradle groupid com.adobe.xmp Highest
Vendor Manifest implementation-minor 1 Low
Vendor jar package name xmp Low
Vendor pom groupid adobe.xmp Highest
Vendor Manifest builddate 2012 Jul 03 11:48:46-CEST Low
Vendor jar package name impl Low
Product pom description The XMP Library for Java is based on the C++ XMPCore library and the API is similar. Medium
Product pom artifactid xmpcore Highest
Product pom groupid adobe.xmp Low
Product pom name XMP Library for Java High
Product Manifest implementation-engbuild 003 Low
Product pom url http://www.adobe.com/devnet/xmp.html Medium
Product file name xmpcore High
Product Manifest implementation-micro 1 Low
Product Manifest implementation-major 5 Low
Product gradle artifactid xmpcore Highest
Product Manifest Implementation-Title Adobe XMP Core High
Product Manifest implementation-minor 1 Low
Product jar package name xmp Low
Product Manifest builddate 2012 Jul 03 11:48:46-CEST Low
Product jar package name impl Low
Product central artifactid xmpcore Highest
Version pom version 5.1.2 Highest
Version file version 5.1.2 Highest
Version central version 5.1.2 Highest
rome-utils-1.5.1.jar
Description: Utility classes for ROME projects
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.rometools\rome-utils\1.5.1\3a3d6473a2f5d55fb31bf6c269af963fdea13b54\rome-utils-1.5.1.jar
MD5: ba0f0958cbbacd734b383038c3dcb0ef
SHA1: 3a3d6473a2f5d55fb31bf6c269af963fdea13b54
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid rometools Highest
Vendor pom parent-artifactid rome-parent Low
Vendor pom name rome-utils High
Vendor pom description Utility classes for ROME projects Medium
Vendor jar package name rometools Low
Vendor pom parent-groupid com.rometools Medium
Vendor gradle groupid com.rometools Highest
Vendor jar package name utils Low
Vendor file name rome-utils High
Vendor pom artifactid rome-utils Low
Vendor pom url http://rometools.github.io/rome-utils/ Highest
Vendor central groupid com.rometools Highest
Product gradle artifactid rome-utils Highest
Product pom parent-groupid com.rometools Low
Product pom artifactid rome-utils Highest
Product pom url http://rometools.github.io/rome-utils/ Medium
Product pom parent-artifactid rome-parent Medium
Product pom groupid rometools Low
Product jar package name utils Low
Product pom name rome-utils High
Product pom description Utility classes for ROME projects Medium
Product central artifactid rome-utils Highest
Product file name rome-utils High
Version file version 1.5.1 Highest
Version pom version 1.5.1 Highest
Version central version 1.5.1 Highest
commons-vfs2-2.0.jar
Description: VFS is a Virtual File System library.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-vfs2\2.0\b5af3b9c96b060d77c68fa5ac9384b402dd58013\commons-vfs2-2.0.jar
MD5: a2cabc6a91a9de9e3d5d460b06d65b45
SHA1: b5af3b9c96b060d77c68fa5ac9384b402dd58013
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name commons-vfs2 High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom description VFS is a Virtual File System library. Medium
Vendor pom artifactid commons-vfs2 Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom groupid apache.commons Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom name Commons VFS Core High
Vendor Manifest bundle-docurl http://commons.apache.org/vfs/commons-vfs2/ Low
Vendor pom parent-artifactid commons-vfs2-project Low
Vendor central groupid org.apache.commons Highest
Vendor manifest Bundle-Description VFS is a Virtual File System library. Medium
Vendor Manifest bundle-symbolicname org.apache.commons.vfs Medium
Vendor gradle groupid org.apache.commons Highest
Product pom parent-groupid org.apache.commons Low
Product file name commons-vfs2 High
Product central artifactid commons-vfs2 Highest
Product pom description VFS is a Virtual File System library. Medium
Product pom artifactid commons-vfs2 Highest
Product pom name Commons VFS Core High
Product Manifest specification-title Commons VFS Core Medium
Product Manifest Bundle-Name Commons VFS Core Medium
Product Manifest bundle-docurl http://commons.apache.org/vfs/commons-vfs2/ Low
Product Manifest Implementation-Title Commons VFS Core High
Product pom parent-artifactid commons-vfs2-project Medium
Product manifest Bundle-Description VFS is a Virtual File System library. Medium
Product gradle artifactid commons-vfs2 Highest
Product pom groupid apache.commons Low
Product Manifest bundle-symbolicname org.apache.commons.vfs Medium
Version file version 2.0 Highest
Version central version 2.0 Highest
Version pom version 2.0 Highest
Version Manifest Implementation-Version 2.0 High
cxf-rt-transports-http-3.0.12.jar
Description: Apache CXF Runtime HTTP Transport
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-rt-transports-http\3.0.12\e2eedc03de7f1cda7e94e2af2685f9124c668fd5\cxf-rt-transports-http-3.0.12.jar
MD5: e7e04464d9706e364470fc53d61e3b88
SHA1: e2eedc03de7f1cda7e94e2af2685f9124c668fd5
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Apache CXF Runtime HTTP Transport High
Vendor gradle groupid org.apache.cxf Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-artifactid cxf-parent Low
Vendor central groupid org.apache.cxf Highest
Vendor Manifest bundle-docurl http://cxf.apache.org Low
Vendor pom description Apache CXF Runtime HTTP Transport Medium
Vendor pom parent-groupid org.apache.cxf Medium
Vendor Manifest bundle-symbolicname org.apache.cxf.cxf-rt-transports-http Medium
Vendor file name cxf-rt-transports-http High
Vendor pom url http://cxf.apache.org Highest
Vendor Manifest export-service org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/transports/http/configuration" Low
Vendor pom artifactid cxf-rt-transports-http Low
Vendor manifest Bundle-Description Apache CXF Runtime HTTP Transport Medium
Vendor pom groupid apache.cxf Highest
Product pom name Apache CXF Runtime HTTP Transport High
Product pom groupid apache.cxf Low
Product central artifactid cxf-rt-transports-http Highest
Product pom artifactid cxf-rt-transports-http Highest
Product pom url http://cxf.apache.org Medium
Product Manifest bundle-docurl http://cxf.apache.org Low
Product pom parent-artifactid cxf-parent Medium
Product pom description Apache CXF Runtime HTTP Transport Medium
Product gradle artifactid cxf-rt-transports-http Highest
Product Manifest bundle-symbolicname org.apache.cxf.cxf-rt-transports-http Medium
Product Manifest Bundle-Name Apache CXF Runtime HTTP Transport Medium
Product file name cxf-rt-transports-http High
Product pom parent-groupid org.apache.cxf Low
Product Manifest export-service org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/transports/http/configuration" Low
Product manifest Bundle-Description Apache CXF Runtime HTTP Transport Medium
Version Manifest Implementation-Version 3.0.12 High
Version pom version 3.0.12 Highest
Version file version 3.0.12 Highest
Version central version 3.0.12 Highest
Published Vulnerabilities
CVE-2015-5253
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
CVE-2017-3156
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-361 Time and State
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.
CVE-2017-5653
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
CVE-2017-5656
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-384
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.
cxf-core-3.0.12.jar
Description: Apache CXF Core
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-core\3.0.12\7c7beb6875fb180cc5813bfa85456f92b5b62505\cxf-core-3.0.12.jar
MD5: 33bb89b42bb979c6a4c2f7ed2d16e63c
SHA1: 7c7beb6875fb180cc5813bfa85456f92b5b62505
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.cxf Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-artifactid cxf-parent Low
Vendor pom description Apache CXF Core Medium
Vendor central groupid org.apache.cxf Highest
Vendor Manifest bundle-docurl http://cxf.apache.org Low
Vendor Manifest bundle-symbolicname org.apache.cxf.cxf-core Medium
Vendor pom parent-groupid org.apache.cxf Medium
Vendor manifest Bundle-Description Apache CXF Core Medium
Vendor pom url http://cxf.apache.org Highest
Vendor pom name Apache CXF Core High
Vendor Manifest export-service org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/core",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/beans",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/parameterized-types",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/security",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://schemas.xmlsoap.org/wsdl/", Low
Vendor pom artifactid cxf-core Low
Vendor pom groupid apache.cxf Highest
Vendor file name cxf-core High
Product pom groupid apache.cxf Low
Product central artifactid cxf-core Highest
Product Manifest Bundle-Name Apache CXF Core Medium
Product pom url http://cxf.apache.org Medium
Product pom description Apache CXF Core Medium
Product Manifest bundle-docurl http://cxf.apache.org Low
Product pom artifactid cxf-core Highest
Product pom parent-artifactid cxf-parent Medium
Product gradle artifactid cxf-core Highest
Product Manifest bundle-symbolicname org.apache.cxf.cxf-core Medium
Product pom parent-groupid org.apache.cxf Low
Product manifest Bundle-Description Apache CXF Core Medium
Product pom name Apache CXF Core High
Product Manifest export-service org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/core",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/beans",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/parameterized-types",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/security",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://schemas.xmlsoap.org/wsdl/", Low
Product file name cxf-core High
Version Manifest Implementation-Version 3.0.12 High
Version pom version 3.0.12 Highest
Version file version 3.0.12 Highest
Version central version 3.0.12 Highest
Published Vulnerabilities
CVE-2015-5253
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
CVE-2017-3156
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-361 Time and State
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.
CVE-2017-5653
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
CVE-2017-5656
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-384
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.
cxf-rt-frontend-jaxrs-3.0.12.jar
Description: Apache CXF Runtime JAX-RS Frontend
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.cxf\cxf-rt-frontend-jaxrs\3.0.12\30a94ced70c56464c8a1f2c409f33c403afa24ec\cxf-rt-frontend-jaxrs-3.0.12.jar
MD5: 21e16fda72a0a652fd4209635eb6de48
SHA1: 30a94ced70c56464c8a1f2c409f33c403afa24ec
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name cxf-rt-frontend-jaxrs High
Vendor Manifest export-service org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/jaxrs" Low
Vendor gradle groupid org.apache.cxf Highest
Vendor pom artifactid cxf-rt-frontend-jaxrs Low
Vendor manifest Bundle-Description Apache CXF Runtime JAX-RS Frontend Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-artifactid cxf-parent Low
Vendor central groupid org.apache.cxf Highest
Vendor Manifest bundle-docurl http://cxf.apache.org Low
Vendor pom parent-groupid org.apache.cxf Medium
Vendor Manifest bundle-symbolicname org.apache.cxf.cxf-rt-frontend-jaxrs Medium
Vendor pom description Apache CXF Runtime JAX-RS Frontend Medium
Vendor pom url http://cxf.apache.org Highest
Vendor pom name Apache CXF Runtime JAX-RS Frontend High
Vendor pom groupid apache.cxf Highest
Product file name cxf-rt-frontend-jaxrs High
Product Manifest export-service org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/jaxrs" Low
Product pom groupid apache.cxf Low
Product manifest Bundle-Description Apache CXF Runtime JAX-RS Frontend Medium
Product pom url http://cxf.apache.org Medium
Product central artifactid cxf-rt-frontend-jaxrs Highest
Product gradle artifactid cxf-rt-frontend-jaxrs Highest
Product Manifest bundle-docurl http://cxf.apache.org Low
Product pom parent-artifactid cxf-parent Medium
Product Manifest bundle-symbolicname org.apache.cxf.cxf-rt-frontend-jaxrs Medium
Product pom description Apache CXF Runtime JAX-RS Frontend Medium
Product pom parent-groupid org.apache.cxf Low
Product pom artifactid cxf-rt-frontend-jaxrs Highest
Product pom name Apache CXF Runtime JAX-RS Frontend High
Product Manifest Bundle-Name Apache CXF Runtime JAX-RS Frontend Medium
Version Manifest Implementation-Version 3.0.12 High
Version pom version 3.0.12 Highest
Version file version 3.0.12 Highest
Version central version 3.0.12 Highest
Published Vulnerabilities
CVE-2015-5253
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
CVE-2017-3156
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-361 Time and State
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.
CVE-2017-5653
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
CVE-2017-5656
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-384
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.
jcip-annotations-1.0.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.jcip\jcip-annotations\1.0\afba4942caaeaf46aab0b976afd57cc7c181467e\jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name jcip Low
Vendor pom artifactid jcip-annotations Low
Vendor jar package name annotations Low
Vendor file name jcip-annotations High
Vendor jar package name net Low
Vendor central groupid net.jcip Highest
Vendor pom name "Java Concurrency in Practice" book annotations High
Vendor pom groupid net.jcip Highest
Vendor gradle groupid net.jcip Highest
Vendor pom url http://jcip.net/ Highest
Product gradle artifactid jcip-annotations Highest
Product jar package name jcip Low
Product central artifactid jcip-annotations Highest
Product jar package name annotations Low
Product pom groupid net.jcip Low
Product file name jcip-annotations High
Product pom artifactid jcip-annotations Highest
Product pom url http://jcip.net/ Medium
Product pom name "Java Concurrency in Practice" book annotations High
Version pom version 1.0 Highest
Version central version 1.0 Highest
Version file version 1.0 Highest
jna-4.1.0.jar
Description: Java Native Access
License:
LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
ASL, version 2: http://www.apache.org/licenses/
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.java.dev.jna\jna\4.1.0\1c12d070e602efd8021891cdd7fd18bc129372d4\jna-4.1.0.jar
MD5: b0e08c9936dc52aa40439c71fcad6297
SHA1: 1c12d070e602efd8021891cdd7fd18bc129372d4
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name sun Low
Vendor pom name Java Native Access High
Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin/libjnidispatch.jnilib; osname=macosx;processor=x86;processor=x86-64;processor=ppc Low
Vendor jar (hint) package name oracle Low
Vendor pom artifactid jna Low
Vendor Manifest specification-vendor JNA Development Team Low
Vendor jar package name jna Low
Vendor pom groupid net.java.dev.jna Highest
Vendor pom description Java Native Access Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Vendor manifest Bundle-Description JNA Library Medium
Vendor Manifest bundle-symbolicname com.sun.jna Medium
Vendor central groupid net.java.dev.jna Highest
Vendor Manifest Implementation-Vendor JNA Development Team High
Vendor file name jna High
Vendor gradle groupid net.java.dev.jna Highest
Vendor pom url twall/jna Highest
Product pom name Java Native Access High
Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin/libjnidispatch.jnilib; osname=macosx;processor=x86;processor=x86-64;processor=ppc Low
Product pom groupid net.java.dev.jna Low
Product Manifest Implementation-Title com.sun.jna High
Product jar package name jna Low
Product pom url twall/jna High
Product pom artifactid jna Highest
Product pom description Java Native Access Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Product Manifest specification-title Java Native Access (JNA) Medium
Product manifest Bundle-Description JNA Library Medium
Product Manifest bundle-symbolicname com.sun.jna Medium
Product central artifactid jna Highest
Product Manifest Bundle-Name jna Medium
Product file name jna High
Product gradle artifactid jna Highest
Version file version 4.1.0 Highest
Version central version 4.1.0 Highest
Version pom version 4.1.0 Highest
jdom2-2.0.4.jar
Description:
A complete, Java-based solution for accessing, manipulating,
and outputting XML data
License:
Similar to Apache License but with the acknowledgment clause removed: https://raw.github.com/hunterhacker/jdom/master/LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jdom\jdom2\2.0.4\4b65e55cc61b34bc634b25f0359d1242e4c519de\jdom2-2.0.4.jar
MD5: e51c9485a3a38525a7df4bd25a05dec6
SHA1: 4b65e55cc61b34bc634b25f0359d1242e4c519de
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid jdom Highest
Vendor pom url http://www.jdom.org Highest
Vendor pom description A complete, Java-based solution for accessing, manipulating, and outputting XML data Medium
Vendor gradle groupid org.jdom Highest
Vendor manifest: org/jdom2/transform/ Implementation-Vendor jdom.org Medium
Vendor pom artifactid jdom2 Low
Vendor file name jdom2 High
Vendor pom organization url http://www.jdom.org Medium
Vendor manifest: org/jdom2/filter/ Implementation-Vendor jdom.org Medium
Vendor manifest: org/jdom2/adapters/ Implementation-Vendor jdom.org Medium
Vendor pom name JDOM High
Vendor manifest: org/jdom2/ Implementation-Vendor jdom.org Medium
Vendor jar package name jdom2 Low
Vendor manifest: org/jdom2/input/ Implementation-Vendor jdom.org Medium
Vendor manifest: org/jdom2/output/ Implementation-Vendor jdom.org Medium
Vendor manifest: org/jdom2/xpath/ Implementation-Vendor jdom.org Medium
Vendor central groupid org.jdom Highest
Vendor pom organization name JDOM High
Product manifest: org/jdom2/ Specification-Title JDOM Classes Medium
Product manifest: org/jdom2/filter/ Specification-Title JDOM Filter Classes Medium
Product pom description A complete, Java-based solution for accessing, manipulating, and outputting XML data Medium
Product manifest: org/jdom2/xpath/ Implementation-Title org.jdom2.xpath Medium
Product gradle artifactid jdom2 Highest
Product pom organization url http://www.jdom.org Low
Product manifest: org/jdom2/transform/ Implementation-Title org.jdom2.transform Medium
Product pom url http://www.jdom.org Medium
Product manifest: org/jdom2/adapters/ Specification-Title JDOM Adapter Classes Medium
Product manifest: org/jdom2/input/ Implementation-Title org.jdom2.input Medium
Product pom groupid jdom Low
Product manifest: org/jdom2/ Implementation-Title org.jdom2 Medium
Product manifest: org/jdom2/adapters/ Implementation-Title org.jdom2.adapters Medium
Product manifest: org/jdom2/xpath/ Specification-Title JDOM XPath Classes Medium
Product manifest: org/jdom2/filter/ Implementation-Title org.jdom2.filter Medium
Product file name jdom2 High
Product manifest: org/jdom2/input/ Specification-Title JDOM Input Classes Medium
Product pom name JDOM High
Product pom organization name JDOM Low
Product central artifactid jdom2 Highest
Product manifest: org/jdom2/output/ Implementation-Title org.jdom2.output Medium
Product pom artifactid jdom2 Highest
Product manifest: org/jdom2/output/ Specification-Title JDOM Output Classes Medium
Product manifest: org/jdom2/transform/ Specification-Title JDOM Transformation Classes Medium
Version central version 2.0.4 Highest
Version file version 2.0.4 Highest
Version pom version 2.0.4 Highest
bzip2-0.9.1.jar
Description: jbzip2 is a Java bzip2 compression/decompression library. It can be used as a replacement for the Apache CBZip2InputStream / CBZip2OutputStream classes.
License:
MIT License (MIT): http://opensource.org/licenses/mit-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.itadaki\bzip2\0.9.1\47ca95f71e3ccae756c4a24354d48069c58f475c\bzip2-0.9.1.jar
MD5: ddd5eb3a035655cbbb536e9b86907a00
SHA1: 47ca95f71e3ccae756c4a24354d48069c58f475c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.itadaki Highest
Vendor pom artifactid bzip2 Low
Vendor jar package name itadaki Low
Vendor pom description jbzip2 is a Java bzip2 compression/decompression library. It can be used as a replacement for the Apache CBZip2InputStream / CBZip2OutputStream classes. Low
Vendor jar package name bzip2 Low
Vendor pom url https://code.google.com/p/jbzip2/ Highest
Vendor gradle groupid org.itadaki Highest
Vendor pom groupid itadaki Highest
Vendor pom name Itadaki jbzip2 High
Vendor file name bzip2 High
Product gradle artifactid bzip2 Highest
Product pom url https://code.google.com/p/jbzip2/ Medium
Product pom groupid itadaki Low
Product central artifactid bzip2 Highest
Product pom description jbzip2 is a Java bzip2 compression/decompression library. It can be used as a replacement for the Apache CBZip2InputStream / CBZip2OutputStream classes. Low
Product jar package name bzip2 Low
Product pom name Itadaki jbzip2 High
Product file name bzip2 High
Product pom artifactid bzip2 Highest
Version pom version 0.9.1 Highest
Version file version 0.9.1 Highest
Version central version 0.9.1 Highest
Published Vulnerabilities
CVE-2005-1260
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
CVE-2010-0405
Severity:
Medium
CVSS Score: 5.1
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
CVE-2011-4089
Severity:
Medium
CVSS Score: 4.6
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
udunits-4.5.5.jar
Description: The ucar.units Java package is for decoding and encoding
formatted unit specifications (e.g. "m/s"), converting numeric values
between compatible units (e.g. between "m/s" and "knot"), and for
performing arithmetic operations on units (e.g. dividing one unit by
another, raising a unit to a power).
File Path: Z:\Gradle\caches\modules-2\files-2.1\edu.ucar\udunits\4.5.5\d8c8d65ade13666eedcf764889c69321c247f153\udunits-4.5.5.jar
MD5: 025ffadf77de73601443c8262c995df0
SHA1: d8c8d65ade13666eedcf764889c69321c247f153
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name udunits High
Vendor pom description The ucar.units Java package is for decoding and encoding formatted unit specifications (e.g. "m/s"), converting numeric values between compatible units (e.g. between "m/s" and "knot"), and for performing arithmetic operations on units (e.g. dividing one unit by another, raising a unit to a power). Low
Vendor pom groupid edu.ucar Highest
Vendor Manifest built-on 20150306.1537 Low
Vendor Manifest Implementation-Vendor-Id edu.ucar Medium
Vendor central groupid edu.ucar Highest
Vendor Manifest Implementation-Vendor UCAR/Unidata High
Vendor pom artifactid udunits Low
Vendor pom parent-artifactid thredds-parent Low
Vendor gradle groupid edu.ucar Highest
Vendor file name udunits High
Vendor pom url http://www.unidata.ucar.edu/software/udunits// Highest
Product pom url http://www.unidata.ucar.edu/software/udunits// Medium
Product central artifactid udunits Highest
Product pom name udunits High
Product pom description The ucar.units Java package is for decoding and encoding formatted unit specifications (e.g. "m/s"), converting numeric values between compatible units (e.g. between "m/s" and "knot"), and for performing arithmetic operations on units (e.g. dividing one unit by another, raising a unit to a power). Low
Product pom groupid edu.ucar Low
Product Manifest Implementation-Title udunits High
Product gradle artifactid udunits Highest
Product pom artifactid udunits Highest
Product file name udunits High
Product Manifest built-on 20150306.1537 Low
Product pom parent-artifactid thredds-parent Medium
Version pom version 4.5.5 Highest
Version central version 4.5.5 Highest
Version Manifest Implementation-Version 4.5.5 High
Version file version 4.5.5 Highest
joda-time-2.2.jar
Description: Date and time library to replace JDK date handling
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\joda-time\joda-time\2.2\a5f29a7acaddea3f4af307e8cf2d0cc82645fd7d\joda-time-2.2.jar
MD5: 226f5207543c490f10f234e82108b998
SHA1: a5f29a7acaddea3f4af307e8cf2d0cc82645fd7d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid joda-time Highest
Vendor pom description Date and time library to replace JDK date handling Medium
Vendor central groupid joda-time Highest
Vendor Manifest bundle-symbolicname joda-time Medium
Vendor pom organization url http://www.joda.org Medium
Vendor pom name Joda time High
Vendor pom url http://joda-time.sourceforge.net Highest
Vendor Manifest extension-name joda-time Medium
Vendor gradle groupid joda-time Highest
Vendor Manifest bundle-docurl http://joda-time.sourceforge.net/ Low
Vendor Manifest specification-vendor Joda.org Low
Vendor Manifest Implementation-Vendor-Id org.joda Medium
Vendor pom artifactid joda-time Low
Vendor pom organization name Joda.org High
Vendor file name joda-time High
Vendor Manifest Implementation-Vendor Joda.org High
Product pom description Date and time library to replace JDK date handling Medium
Product pom organization url http://www.joda.org Low
Product Manifest bundle-symbolicname joda-time Medium
Product pom organization name Joda.org Low
Product pom name Joda time High
Product Manifest Bundle-Name Joda-Time Medium
Product pom artifactid joda-time Highest
Product Manifest extension-name joda-time Medium
Product pom groupid joda-time Low
Product pom url http://joda-time.sourceforge.net Medium
Product Manifest specification-title Joda-Time Medium
Product central artifactid joda-time Highest
Product Manifest bundle-docurl http://joda-time.sourceforge.net/ Low
Product Manifest Implementation-Title org.joda.time High
Product gradle artifactid joda-time Highest
Product file name joda-time High
Version pom version 2.2 Highest
Version file version 2.2 Highest
Version Manifest Implementation-Version 2.2 High
Version central version 2.2 Highest
quartz-2.2.0.jar
Description: Enterprise Job Scheduler
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
Apache Software License, Version 2.0
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.quartz-scheduler\quartz\2.2.0\2eb16fce055d5f3c9d65420f6fc4efd3a079a3d8\quartz-2.2.0.jar
MD5: 56d748f33fa07cb50c86eb72f53141b5
SHA1: 2eb16fce055d5f3c9d65420f6fc4efd3a079a3d8
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid quartz Low
Vendor file name quartz High
Vendor gradle groupid org.quartz-scheduler Highest
Vendor Manifest buildinfo-timestamp 20130629-140504 Low
Vendor Manifest terracotta-name quartz Medium
Vendor pom groupid quartz-scheduler Highest
Vendor pom name quartz High
Vendor pom description Enterprise Job Scheduler Medium
Vendor Manifest buildinfo-revision 2359 Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor Manifest bundle-docurl http://www.terracotta.org Low
Vendor Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium
Vendor pom parent-groupid org.quartz-scheduler Medium
Vendor manifest terracotta-description Enterprise Job Scheduler Medium
Vendor Manifest buildinfo-url https://svn.terracotta.org/repo/quartz/tags/quartz-2.2.0 Low
Vendor manifest Bundle-Description Enterprise Job Scheduler Medium
Vendor central groupid org.quartz-scheduler Highest
Vendor pom parent-artifactid quartz-parent Low
Product file name quartz High
Product Manifest buildinfo-timestamp 20130629-140504 Low
Product Manifest terracotta-name quartz Medium
Product pom name quartz High
Product pom parent-groupid org.quartz-scheduler Low
Product pom description Enterprise Job Scheduler Medium
Product pom groupid quartz-scheduler Low
Product Manifest buildinfo-revision 2359 Low
Product gradle artifactid quartz Highest
Product pom artifactid quartz Highest
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product Manifest Bundle-Name quartz Medium
Product Manifest bundle-docurl http://www.terracotta.org Low
Product Manifest bundle-symbolicname org.quartz-scheduler.quartz Medium
Product central artifactid quartz Highest
Product manifest terracotta-description Enterprise Job Scheduler Medium
Product pom parent-artifactid quartz-parent Medium
Product Manifest buildinfo-url https://svn.terracotta.org/repo/quartz/tags/quartz-2.2.0 Low
Product manifest Bundle-Description Enterprise Job Scheduler Medium
Version pom version 2.2.0 Highest
Version central version 2.2.0 Highest
Version file version 2.2.0 Highest
ehcache-core-2.6.2.jar
Description: This is the ehcache core module. Pair it with other modules for added functionality.
License:
The Apache Software License, Version 2.0: src/assemble/EHCACHE-CORE-LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.ehcache\ehcache-core\2.6.2\3baecd92015a9f8fe4cf51c8b5d3a5bddcdd3e86\ehcache-core-2.6.2.jar
MD5: b6abecd2c01070700a9001b33b94b3f4
SHA1: 3baecd92015a9f8fe4cf51c8b5d3a5bddcdd3e86
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom url http://ehcache.org Highest
Vendor central groupid net.sf.ehcache Highest
Vendor pom description This is the ehcache core module. Pair it with other modules for added functionality. Medium
Vendor pom artifactid ehcache-core Low
Vendor pom parent-artifactid ehcache-parent Low
Vendor gradle groupid net.sf.ehcache Highest
Vendor file name ehcache-core High
Vendor pom groupid net.sf.ehcache Highest
Vendor pom name Ehcache Core High
Product central artifactid ehcache-core Highest
Product pom description This is the ehcache core module. Pair it with other modules for added functionality. Medium
Product pom groupid net.sf.ehcache Low
Product pom url http://ehcache.org Medium
Product gradle artifactid ehcache-core Highest
Product file name ehcache-core High
Product pom artifactid ehcache-core Highest
Product pom parent-artifactid ehcache-parent Medium
Product pom name Ehcache Core High
Version file version 2.6.2 Highest
Version central version 2.6.2 Highest
Version pom version 2.6.2 Highest
jcommander-1.35.jar
Description: A Java framework to parse command line options with annotations.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.beust\jcommander\1.35\47592e181b0bdbbeb63029e08c5e74f6803c4edd\jcommander-1.35.jar
MD5: 90216444fab67357c5bdf3293b47107e
SHA1: 47592e181b0bdbbeb63029e08c5e74f6803c4edd
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid com.beust Highest
Vendor Manifest bundle-symbolicname com.beust.jcommander Medium
Vendor central groupid com.beust Highest
Vendor file name jcommander High
Vendor pom url http://beust.com/jcommander Highest
Vendor manifest Bundle-Description A Java framework to parse command line options with annotations. Medium
Vendor pom groupid beust Highest
Vendor pom artifactid jcommander Low
Vendor pom description A Java framework to parse command line options with annotations. Medium
Vendor pom name JCommander High
Product Manifest bundle-symbolicname com.beust.jcommander Medium
Product file name jcommander High
Product pom artifactid jcommander Highest
Product manifest Bundle-Description A Java framework to parse command line options with annotations. Medium
Product gradle artifactid jcommander Highest
Product pom description A Java framework to parse command line options with annotations. Medium
Product Manifest Bundle-Name JCommander Medium
Product central artifactid jcommander Highest
Product pom groupid beust Low
Product pom name JCommander High
Product pom url http://beust.com/jcommander Medium
Version file version 1.35 Highest
Version central version 1.35 Highest
Version pom version 1.35 Highest
sis-storage-0.6.jar
Description:
Provides the interfaces and base classes to be implemented by various storage formats.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.storage\sis-storage\0.6\1996e6209d309380cd191d4483ca19cc25c30fe3\sis-storage-0.6.jar
MD5: b30f631ab68b989fa35b23f5d6165d30
SHA1: 1996e6209d309380cd191d4483ca19cc25c30fe3
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid storage Low
Vendor pom parent-groupid org.apache.sis Medium
Vendor jar package name apache Low
Vendor Manifest built-on 2015-09-11T22:45:56Z Low
Vendor pom name Apache SIS common storage High
Vendor pom description Provides the interfaces and base classes to be implemented by various storage formats. Medium
Vendor gradle groupid org.apache.sis.storage Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest specification-vendor Open Geospatial Consortium Low
Vendor Manifest bundle-symbolicname org.apache.sis.storage Medium
Vendor Manifest Implementation-Vendor-Id org.apache.sis.storage Medium
Vendor jar package name sis Low
Vendor central groupid org.apache.sis.storage Highest
Vendor jar package name internal Low
Vendor manifest Bundle-Description Provides the interfaces and base classes to be implemented by various storage formats. Medium
Vendor pom groupid apache.sis.storage Highest
Vendor file name sis-storage High
Vendor Manifest implementation-url http://sis.apache.org/storage/sis-storage Low
Vendor Manifest bundle-docurl http://sis.apache.org/storage/sis-storage Low
Vendor pom artifactid sis-storage Low
Product Manifest built-on 2015-09-11T22:45:56Z Low
Product jar package name storage Low
Product pom name Apache SIS common storage High
Product pom parent-artifactid storage Medium
Product pom description Provides the interfaces and base classes to be implemented by various storage formats. Medium
Product pom groupid apache.sis.storage Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest Implementation-Title Apache SIS common storage High
Product pom artifactid sis-storage Highest
Product Manifest Bundle-Name Apache SIS common storage Medium
Product pom parent-groupid org.apache.sis Low
Product central artifactid sis-storage Highest
Product Manifest specification-title GeoAPI Medium
Product Manifest bundle-symbolicname org.apache.sis.storage Medium
Product jar package name sis Low
Product gradle artifactid sis-storage Highest
Product jar package name internal Low
Product manifest Bundle-Description Provides the interfaces and base classes to be implemented by various storage formats. Medium
Product file name sis-storage High
Product Manifest implementation-url http://sis.apache.org/storage/sis-storage Low
Product Manifest bundle-docurl http://sis.apache.org/storage/sis-storage Low
Version Manifest Implementation-Version 0.6 High
Version pom version 0.6 Highest
Version file version 0.6 Highest
Version central version 0.6 Highest
sis-referencing-0.6.jar
Description:
Implementations of Coordinate Reference Systems (CRS),
conversion and transformation services derived from ISO 19111.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.sis.core\sis-referencing\0.6\ca59408047b7c3685661959b5858297e047a4046\sis-referencing-0.6.jar
MD5: e7cb42c4330b3e9ebd8e91cf8bbaa028
SHA1: ca59408047b7c3685661959b5858297e047a4046
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name referencing Low
Vendor pom parent-groupid org.apache.sis Medium
Vendor jar package name apache Low
Vendor Manifest built-on 2015-09-11T22:45:56Z Low
Vendor pom groupid apache.sis.core Highest
Vendor pom artifactid sis-referencing Low
Vendor pom name Apache SIS referencing High
Vendor Manifest bundle-symbolicname org.apache.sis.referencing Medium
Vendor Manifest require-capability osgi.extender;filter:="(osgi.extender=osgi.serviceloader.registrar)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom description Implementations of Coordinate Reference Systems (CRS), conversion and transformation services derived from ISO 19111. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-artifactid core Low
Vendor Manifest specification-vendor Open Geospatial Consortium Low
Vendor Manifest implementation-url http://sis.apache.org/core/sis-referencing Low
Vendor jar package name sis Low
Vendor file name sis-referencing High
Vendor gradle groupid org.apache.sis.core Highest
Vendor central groupid org.apache.sis.core Highest
Vendor Manifest Implementation-Vendor-Id org.apache.sis.core Medium
Vendor manifest Bundle-Description Implementations of Coordinate Reference Systems (CRS), conversion and transformation services derived from ISO 19111. Low
Vendor Manifest provide-capability osgi.serviceloader;osgi.serviceloader="org.apache.sis.internal.jaxb.AdapterReplacement",org.opengis.referencing.operation.MathTransformFactory,org.opengis.referencing.operation.OperationMethod,org.opengis.temporal.TemporalFactory Low
Vendor Manifest bundle-docurl http://sis.apache.org/core/sis-referencing Low
Product jar package name referencing Low
Product Manifest built-on 2015-09-11T22:45:56Z Low
Product pom name Apache SIS referencing High
Product Manifest bundle-symbolicname org.apache.sis.referencing Medium
Product Manifest require-capability osgi.extender;filter:="(osgi.extender=osgi.serviceloader.registrar)",osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom description Implementations of Coordinate Reference Systems (CRS), conversion and transformation services derived from ISO 19111. Low
Product pom parent-artifactid core Medium
Product pom parent-groupid org.apache.sis Low
Product pom groupid apache.sis.core Low
Product Manifest specification-title GeoAPI Medium
Product pom artifactid sis-referencing Highest
Product Manifest implementation-url http://sis.apache.org/core/sis-referencing Low
Product central artifactid sis-referencing Highest
Product jar package name sis Low
Product file name sis-referencing High
Product Manifest Bundle-Name Apache SIS referencing Medium
Product Manifest Implementation-Title Apache SIS referencing High
Product gradle artifactid sis-referencing Highest
Product manifest Bundle-Description Implementations of Coordinate Reference Systems (CRS), conversion and transformation services derived from ISO 19111. Low
Product Manifest provide-capability osgi.serviceloader;osgi.serviceloader="org.apache.sis.internal.jaxb.AdapterReplacement",org.opengis.referencing.operation.MathTransformFactory,org.opengis.referencing.operation.OperationMethod,org.opengis.temporal.TemporalFactory Low
Product Manifest bundle-docurl http://sis.apache.org/core/sis-referencing Low
Version Manifest Implementation-Version 0.6 High
Version pom version 0.6 Highest
Version file version 0.6 Highest
Version central version 0.6 Highest
jsr-275-0.9.3.jar
Description:
JSR-275 specifies Java packages for the programmatic handling
of physical quantities and their expression as numbers of units.
License:
Specification License: LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.measure\jsr-275\0.9.3\ab2fb094fc5297ae5636ef6ed0d6051d5a656588\jsr-275-0.9.3.jar
MD5: e7a135baa55ec464055d75e4fd4d6b6f
SHA1: ab2fb094fc5297ae5636ef6ed0d6051d5a656588
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom url https://kenai.com/projects/jsr-275 Highest
Vendor pom groupid javax.measure Highest
Vendor central groupid javax.measure Highest
Vendor file name jsr-275 High
Vendor Manifest bundle-symbolicname javax.measure Medium
Vendor pom description JSR-275 specifies Java packages for the programmatic handling of physical quantities and their expression as numbers of units. Low
Vendor pom artifactid jsr-275 Low
Vendor pom organization url http://jscience.org Medium
Vendor pom organization name JScience High
Vendor pom name JSR-275 High
Vendor gradle groupid javax.measure Highest
Product central artifactid jsr-275 Highest
Product pom organization name JScience Low
Product pom artifactid jsr-275 Highest
Product Manifest Implementation-Title JSR-275 High
Product Manifest bundle-symbolicname javax.measure Medium
Product Manifest Bundle-Name Measures and Units Medium
Product pom name JSR-275 High
Product pom groupid javax.measure Low
Product pom organization url http://jscience.org Low
Product gradle artifactid jsr-275 Highest
Product pom url https://kenai.com/projects/jsr-275 Medium
Product file name jsr-275 High
Product pom description JSR-275 specifies Java packages for the programmatic handling of physical quantities and their expression as numbers of units. Low
Version Manifest Implementation-Version 0.9.3 High
Version pom version 0.9.3 Highest
Version central version 0.9.3 Highest
Version file version 0.9.3 Highest
batik-dom-1.9.jar
Description: Batik DOM implementation
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-dom\1.9\96e8edbf08358f84f7c9dc5778797203f0feb59c\batik-dom-1.9.jar
MD5: de7ac1eeb6416664866c3bc38dea382d
SHA1: 96e8edbf08358f84f7c9dc5778797203f0feb59c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor file name batik-dom High
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom artifactid batik-dom Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor pom description Batik DOM implementation Medium
Vendor jar package name dom Low
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor jar package name batik Low
Product jar package name dom Low
Product central artifactid batik-dom Highest
Product pom name org.apache.xmlgraphics:batik High
Product pom artifactid batik-dom Highest
Product gradle artifactid batik-dom Highest
Product pom parent-artifactid batik Medium
Product file name batik-dom High
Product jar package name batik Low
Product pom parent-groupid org.apache.xmlgraphics Low
Product pom groupid apache.xmlgraphics Low
Product pom description Batik DOM implementation Medium
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
batik-parser-1.9.jar
Description: Batik SVG microsyntax parser
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-parser\1.9\1f57aca8fc9f47431bf637a34097e3797458a211\batik-parser-1.9.jar
MD5: 466131d33a88dbc33e6749d48ce67d9d
SHA1: 1f57aca8fc9f47431bf637a34097e3797458a211
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom artifactid batik-parser Low
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor file name batik-parser High
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor pom description Batik SVG microsyntax parser Medium
Vendor jar package name batik Low
Vendor jar package name parser Low
Product pom name org.apache.xmlgraphics:batik High
Product central artifactid batik-parser Highest
Product pom parent-artifactid batik Medium
Product pom description Batik SVG microsyntax parser Medium
Product pom artifactid batik-parser Highest
Product jar package name batik Low
Product gradle artifactid batik-parser Highest
Product pom parent-groupid org.apache.xmlgraphics Low
Product jar package name parser Low
Product pom groupid apache.xmlgraphics Low
Product file name batik-parser High
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
batik-util-1.9.jar
Description: Batik utility library
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-util\1.9\c96247c6b0b4909b0a515577f67622e9190b8f8\batik-util-1.9.jar
MD5: eef37ed42ae3361265182ad91ef0ed93
SHA1: 0c96247c6b0b4909b0a515577f67622e9190b8f8
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description Batik utility library Medium
Vendor jar package name apache Low
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor file name batik-util High
Vendor pom name org.apache.xmlgraphics:batik High
Vendor jar package name util Low
Vendor jar package name batik Low
Vendor pom artifactid batik-util Low
Product file name batik-util High
Product pom name org.apache.xmlgraphics:batik High
Product pom description Batik utility library Medium
Product pom parent-artifactid batik Medium
Product pom artifactid batik-util Highest
Product gradle artifactid batik-util Highest
Product jar package name util Low
Product jar package name batik Low
Product pom parent-groupid org.apache.xmlgraphics Low
Product pom groupid apache.xmlgraphics Low
Product central artifactid batik-util Highest
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
xml-apis-1.3.04.jar
Description: xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun.
File Path: Z:\Gradle\caches\modules-2\files-2.1\xml-apis\xml-apis\1.3.04\90b215f48fe42776c8c7f6e3509ec54e84fd65ef\xml-apis-1.3.04.jar
MD5: 9ae9c29e4497fc35a3eade1e6dd0bbeb
SHA1: 90b215f48fe42776c8c7f6e3509ec54e84fd65ef
Referenced In Projects/Scopes:
compileClasspath
compileOnly
compile
Evidence
Type Source Name Value Confidence
Vendor file name xml-apis High
Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom description xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. Low
Vendor pom parent-groupid org.apache Medium
Vendor pom url http://xml.apache.org/commons/components/external/ Highest
Vendor pom parent-artifactid apache Low
Vendor gradle groupid xml-apis Highest
Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium
Vendor jar package name xml Low
Vendor central groupid xml-apis Highest
Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom name XML Commons External Components XML APIs High
Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium
Vendor pom groupid xml-apis Highest
Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium
Vendor manifest: org/apache/xmlcommons/Version Implementation-Vendor Apache Software Foundation Medium
Vendor pom artifactid xml-apis Low
Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium
Product file name xml-apis High
Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium
Product pom description xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. Low
Product manifest: javax/xml/transform/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium
Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium
Product central artifactid xml-apis Highest
Product pom artifactid xml-apis Highest
Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium
Product manifest: javax/xml/datatype/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium
Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium
Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model (DOM) Level 3 Load and Save Medium
Product manifest: javax/xml/parsers/ Specification-Title JSR 206, Java API for XML Processing 1.3 Medium
Product gradle artifactid xml-apis Highest
Product manifest: javax/xml/xpath/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium
Product pom parent-groupid org.apache Low
Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium
Product manifest: org/w3c/dom/ Specification-Title Document Object Model (DOM) Level 3 Core Medium
Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium
Product pom parent-artifactid apache Medium
Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium
Product jar package name dom Low
Product pom url http://xml.apache.org/commons/components/external/ Medium
Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium
Product manifest: javax/xml/validation/ Specification-Title JSR 206 Java API for XML Processing 1.3 Medium
Product manifest: org/apache/xmlcommons/Version Implementation-Title org.apache.xmlcommons.Version Medium
Product pom name XML Commons External Components XML APIs High
Product pom groupid xml-apis Low
Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium
Version file version 1.3.04 Highest
Version central version 1.3.04 Highest
Version pom version 1.3.04 Highest
xml-apis-ext-1.3.04.jar
Description: xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun.
File Path: Z:\Gradle\caches\modules-2\files-2.1\xml-apis\xml-apis-ext\1.3.04\41a8b86b358e87f3f13cf46069721719105aff66\xml-apis-ext-1.3.04.jar
MD5: bcb07d3b8d2397db7a3013b6465d347b
SHA1: 41a8b86b358e87f3f13cf46069721719105aff66
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor manifest: org/w3c/css/sac/ Implementation-Vendor World Wide Web Consortium Medium
Vendor manifest: org/w3c/dom/smil/ Implementation-Vendor World Wide Web Consortium Medium
Vendor pom description xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. Low
Vendor pom parent-groupid org.apache Medium
Vendor pom url http://xml.apache.org/commons/components/external/ Highest
Vendor pom parent-artifactid apache Low
Vendor jar package name svg Low
Vendor file name xml-apis-ext High
Vendor gradle groupid xml-apis Highest
Vendor manifest: org/w3c/dom/svg/ Implementation-Vendor World Wide Web Consortium Medium
Vendor pom artifactid xml-apis-ext Low
Vendor jar package name dom Low
Vendor pom name XML Commons External Components XML APIs Extensions High
Vendor jar package name w3c Low
Vendor central groupid xml-apis Highest
Vendor pom groupid xml-apis Highest
Product central artifactid xml-apis-ext Highest
Product pom description xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. Low
Product manifest: org/w3c/css/sac/ Implementation-Title org.w3c.css.sac Medium
Product pom parent-artifactid apache Medium
Product jar package name svg Low
Product file name xml-apis-ext High
Product manifest: org/w3c/dom/svg/ Specification-Title Document Object Model (DOM) for Scalable Vector Graphics (SVG) Medium
Product manifest: org/w3c/dom/smil/ Specification-Title Document Object Model (DOM) for Synchronized Multimedia Integration Language (SMIL) Medium
Product jar package name dom Low
Product pom name XML Commons External Components XML APIs Extensions High
Product pom url http://xml.apache.org/commons/components/external/ Medium
Product manifest: org/w3c/dom/smil/ Implementation-Title org.w3c.dom.smil Medium
Product manifest: org/w3c/dom/svg/ Implementation-Title org.w3c.dom.svg Medium
Product gradle artifactid xml-apis-ext Highest
Product pom groupid xml-apis Low
Product pom artifactid xml-apis-ext Highest
Product pom parent-groupid org.apache Low
Product manifest: org/w3c/css/sac/ Specification-Title Simple API for CSS Medium
Version file version 1.3.04 Highest
Version central version 1.3.04 Highest
Version pom version 1.3.04 Highest
batik-anim-1.9.jar
Description: Batik animation engine
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-anim\1.9\bf5a87c6647e4b0c454facc0278c64f4199717fc\batik-anim-1.9.jar
MD5: 3506913fc472df9efa371e932a70c8ef
SHA1: bf5a87c6647e4b0c454facc0278c64f4199717fc
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description Batik animation engine Medium
Vendor jar package name apache Low
Vendor central groupid org.apache.xmlgraphics Highest
Vendor file name batik-anim High
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor pom artifactid batik-anim Low
Vendor jar package name anim Low
Vendor jar package name batik Low
Product central artifactid batik-anim Highest
Product pom description Batik animation engine Medium
Product file name batik-anim High
Product pom parent-groupid org.apache.xmlgraphics Low
Product gradle artifactid batik-anim Highest
Product jar package name dom Low
Product pom name org.apache.xmlgraphics:batik High
Product pom parent-artifactid batik Medium
Product jar package name anim Low
Product pom artifactid batik-anim Highest
Product jar package name batik Low
Product pom groupid apache.xmlgraphics Low
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
batik-script-1.9.jar
Description: Batik script language support
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-script\1.9\4476562c724df213cd44d4ee292e1438d04cb7a7\batik-script-1.9.jar
MD5: a2290d86577d3d2fdeb7ac2f43a5d423
SHA1: 4476562c724df213cd44d4ee292e1438d04cb7a7
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor file name batik-script High
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom description Batik script language support Medium
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor jar package name script Low
Vendor pom artifactid batik-script Low
Vendor jar package name batik Low
Product pom name org.apache.xmlgraphics:batik High
Product central artifactid batik-script Highest
Product file name batik-script High
Product pom parent-artifactid batik Medium
Product jar package name script Low
Product gradle artifactid batik-script Highest
Product pom artifactid batik-script Highest
Product jar package name batik Low
Product pom parent-groupid org.apache.xmlgraphics Low
Product pom description Batik script language support Medium
Product pom groupid apache.xmlgraphics Low
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
batik-xml-1.9.jar
Description: Batik XML utilities
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-xml\1.9\ea56fceb9d20e5edf416651135e027fc8fbdb45f\batik-xml-1.9.jar
MD5: 084059f1d06d477dd35b59193a7ec4cf
SHA1: ea56fceb9d20e5edf416651135e027fc8fbdb45f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom description Batik XML utilities Medium
Vendor file name batik-xml High
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor jar package name xml Low
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor pom artifactid batik-xml Low
Vendor jar package name batik Low
Product pom name org.apache.xmlgraphics:batik High
Product pom description Batik XML utilities Medium
Product central artifactid batik-xml Highest
Product file name batik-xml High
Product pom parent-artifactid batik Medium
Product pom artifactid batik-xml Highest
Product jar package name batik Low
Product gradle artifactid batik-xml Highest
Product pom parent-groupid org.apache.xmlgraphics Low
Product pom groupid apache.xmlgraphics Low
Product jar package name xml Low
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
xalan-2.7.2.jar
Description:
Xalan-Java is an XSLT processor for transforming XML documents into HTML,
text, or other XML document types. It implements XSL Transformations (XSLT)
Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from
the command line, in an applet or a servlet, or as a module in other program.
File Path: Z:\Gradle\caches\modules-2\files-2.1\xalan\xalan\2.7.2\d55d3f02a56ec4c25695fe67e1334ff8c2ecea23\xalan-2.7.2.jar
MD5: 6aa6607802502c8016b676f25f8e4873
SHA1: d55d3f02a56ec4c25695fe67e1334ff8c2ecea23
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom groupid xalan Highest
Vendor pom parent-groupid org.apache Medium
Vendor central groupid xalan Highest
Vendor pom parent-artifactid apache Low
Vendor manifest: org/apache/xalan/xsltc/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom url http://xml.apache.org/xalan-j/ Highest
Vendor file name xalan High
Vendor manifest: org/apache/xml/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom artifactid xalan Low
Vendor gradle groupid xalan Highest
Vendor manifest: org/apache/regexp/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: org/apache/bcel/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom description Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements XSL Transformations (XSLT) Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from the command line, in an applet or a servlet, or as a module in other program. Low
Vendor manifest: org/apache/xpath/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: java_cup/runtime/ Implementation-Vendor Princeton University Medium
Vendor pom name Xalan Java High
Vendor manifest: org/apache/xalan/ Implementation-Vendor Apache Software Foundation Medium
Product manifest: org/apache/xml/ Implementation-Title org.apache.xml Medium
Product manifest: org/apache/xalan/ Specification-Title Java API for XML Processing Medium
Product manifest: org/apache/regexp/ Specification-Title Java Regular Expression package Medium
Product manifest: org/apache/xalan/ Implementation-Title org.apache.xalan Medium
Product manifest: org/apache/bcel/ Specification-Title Byte Code Engineering Library Medium
Product pom parent-artifactid apache Medium
Product gradle artifactid xalan Highest
Product manifest: java_cup/runtime/ Specification-Title Runtime component of JCup Medium
Product pom url http://xml.apache.org/xalan-j/ Medium
Product file name xalan High
Product manifest: java_cup/runtime/ Implementation-Title runtime Medium
Product manifest: org/apache/xalan/xsltc/ Implementation-Title org.apache.xalan.xsltc Medium
Product pom groupid xalan Low
Product pom description Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements XSL Transformations (XSLT) Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from the command line, in an applet or a servlet, or as a module in other program. Low
Product manifest: org/apache/bcel/ Implementation-Title org.apache.bcel Medium
Product pom artifactid xalan Highest
Product manifest: org/apache/xpath/ Implementation-Title org.apache.xpath Medium
Product manifest: org/apache/xalan/xsltc/ Specification-Title Java API for XML Processing Medium
Product pom parent-groupid org.apache Low
Product pom name Xalan Java High
Product manifest: org/apache/regexp/ Implementation-Title org.apache.regexp Medium
Product central artifactid xalan Highest
Version pom version 2.7.2 Highest
Version central version 2.7.2 Highest
Version file version 2.7.2 Highest
maven: xalan:xalan:2.7.2 ✓
Confidence: Highest
cpe: cpe:/a:apache:xalan-java:2.7.2
Confidence: Low
batik-svggen-1.9.jar
Description: Batik Java2D SVG generator
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-svggen\1.9\2c401640b2006df659df1fd21888c7b8c3d3ecec\batik-svggen-1.9.jar
MD5: e906d73f52349a526a602bfbf2459335
SHA1: 2c401640b2006df659df1fd21888c7b8c3d3ecec
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom artifactid batik-svggen Low
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom description Batik Java2D SVG generator Medium
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor file name batik-svggen High
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor jar package name batik Low
Vendor jar package name svggen Low
Product pom name org.apache.xmlgraphics:batik High
Product pom parent-artifactid batik Medium
Product central artifactid batik-svggen Highest
Product jar package name batik Low
Product pom parent-groupid org.apache.xmlgraphics Low
Product pom description Batik Java2D SVG generator Medium
Product jar package name svggen Low
Product file name batik-svggen High
Product pom groupid apache.xmlgraphics Low
Product gradle artifactid batik-svggen Highest
Product pom artifactid batik-svggen Highest
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
ws-commons-util-1.0.2.jar
Description:
This is a small collection of utility classes, that allow high performance XML
processing based on SAX. Basically, it is assumed, that you are using an JAXP
1.1 compliant XML parser and nothing else. In particular, no dependency on the
javax.xml.transform package is introduced.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.util\ws-commons-util\1.0.2\3f478e6def772c19d1053f61198fa1f6a6119238\ws-commons-util-1.0.2.jar
MD5: e0d2efe441e2dec803c7749c10725f61
SHA1: 3f478e6def772c19d1053f61198fa1f6a6119238
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name ws Low
Vendor file name ws-commons-util High
Vendor jar package name apache Low
Vendor pom description This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced. Low
Vendor pom url http://ws.apache.org/commons/util Highest
Vendor pom organization url http://www.apache.org/ Medium
Vendor pom name Apache WebServices Common Utilities High
Vendor gradle groupid org.apache.ws.commons.util Highest
Vendor pom organization name Apache Software Foundation High
Vendor pom artifactid ws-commons-util Low
Vendor pom groupid apache.ws.commons.util Highest
Vendor jar package name commons Low
Vendor central groupid org.apache.ws.commons.util Highest
Product jar package name ws Low
Product file name ws-commons-util High
Product gradle artifactid ws-commons-util Highest
Product pom description This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced. Low
Product pom name Apache WebServices Common Utilities High
Product pom url http://ws.apache.org/commons/util Medium
Product pom organization url http://www.apache.org/ Low
Product jar package name commons Low
Product pom artifactid ws-commons-util Highest
Product pom organization name Apache Software Foundation Low
Product jar package name util Low
Product pom groupid apache.ws.commons.util Low
Product central artifactid ws-commons-util Highest
Version pom version 1.0.2 Highest
Version file version 1.0.2 Highest
Version central version 1.0.2 Highest
nekohtml-1.9.16.jar
Description: An HTML parser and tag balancer.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sourceforge.nekohtml\nekohtml\1.9.16\61e35204e5a8fdb864152f84e2e3b33ab56f50ab\nekohtml-1.9.16.jar
MD5: 30f85f202157f9967edf39bed7df5fbb
SHA1: 61e35204e5a8fdb864152f84e2e3b33ab56f50ab
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Neko HTML High
Vendor manifest: org/cyberneko/html/ Implementation-Vendor Andy Clark, Marc Guillemot Medium
Vendor jar package name html Low
Vendor central groupid net.sourceforge.nekohtml Highest
Vendor jar package name cyberneko Low
Vendor pom artifactid nekohtml Low
Vendor file name nekohtml High
Vendor pom url http://nekohtml.sourceforge.net/ Highest
Vendor gradle groupid net.sourceforge.nekohtml Highest
Vendor pom groupid net.sourceforge.nekohtml Highest
Vendor pom description An HTML parser and tag balancer. Medium
Product manifest: org/cyberneko/html/ Implementation-Title CyberNeko HTML Parser Medium
Product pom url http://nekohtml.sourceforge.net/ Medium
Product pom name Neko HTML High
Product jar package name html Low
Product pom groupid net.sourceforge.nekohtml Low
Product pom artifactid nekohtml Highest
Product gradle artifactid nekohtml Highest
Product manifest: org/cyberneko/html/ Specification-Title Hyper-Text Markup Language (HTML) Medium
Product file name nekohtml High
Product pom description An HTML parser and tag balancer. Medium
Product central artifactid nekohtml Highest
Version pom version 1.9.16 Highest
Version central version 1.9.16 Highest
Version file version 1.9.16 Highest
commons-httpclient-3.1.jar
Description: The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
License:
Apache License: http://www.apache.org/licenses/LICENSE-2.0
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-httpclient\commons-httpclient\3.1\964cd74171f427720480efdec40a7c7f6e58426a\commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor gradle groupid commons-httpclient Highest
Vendor manifest: org/apache/commons/httpclient Implementation-Vendor Apache Software Foundation Medium
Vendor pom organization url http://jakarta.apache.org/ Medium
Vendor pom artifactid commons-httpclient Low
Vendor pom organization name Apache Software Foundation High
Vendor file name commons-httpclient High
Vendor jar package name httpclient Low
Vendor jar package name commons Low
Vendor pom groupid commons-httpclient Highest
Vendor pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Highest
Vendor central groupid commons-httpclient Highest
Vendor pom name HttpClient High
Vendor pom description The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. Low
Product manifest: org/apache/commons/httpclient Implementation-Title org.apache.commons.httpclient Medium
Product pom groupid commons-httpclient Low
Product central artifactid commons-httpclient Highest
Product pom organization url http://jakarta.apache.org/ Low
Product pom url http://jakarta.apache.org/httpcomponents/httpclient-3.x/ Medium
Product gradle artifactid commons-httpclient Highest
Product file name commons-httpclient High
Product jar package name httpclient Low
Product jar package name commons Low
Product pom organization name Apache Software Foundation Low
Product pom artifactid commons-httpclient Highest
Product manifest: org/apache/commons/httpclient Specification-Title Jakarta Commons HttpClient Medium
Product pom name HttpClient High
Product pom description The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. Low
Version file version 3.1 Highest
Version pom version 3.1 Highest
Version central version 3.1 Highest
Published Vulnerabilities
CVE-2012-6153
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
CVE-2014-3577
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
CVE-2015-5262
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
axis-1.4.jar
Description:
An implementation of the SOAP ("Simple Object Access Protocol") submission to W3C.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis\axis\1.4\94a9ce681a42d0352b3ad22659f67835e560d107\axis-1.4.jar
MD5: 03dcfdd88502505cc5a805a128bfdd8d
SHA1: 94a9ce681a42d0352b3ad22659f67835e560d107
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor gradle groupid org.apache.axis Highest
Vendor manifest: org/apache/axis Implementation-Vendor Apache Web Services Medium
Vendor pom artifactid axis Low
Vendor pom url http://ws.apache.org/axis Highest
Vendor central groupid org.apache.axis High
Vendor pom name Axis Web Services High
Vendor central groupid axis High
Vendor jar package name axis Low
Vendor pom groupid axis Highest
Vendor pom description An implementation of the SOAP ("Simple Object Access Protocol") submission to W3C. Medium
Vendor file name axis High
Product pom artifactid axis Highest
Product gradle artifactid axis Highest
Product pom name Axis Web Services High
Product pom url http://ws.apache.org/axis Medium
Product jar package name axis Low
Product manifest: org/apache/axis Implementation-Title Apache Axis Medium
Product pom groupid axis Low
Product pom description An implementation of the SOAP ("Simple Object Access Protocol") submission to W3C. Medium
Product file name axis High
Product central artifactid axis High
Version central version 1.4 High
Version pom version 1.4 Highest
Version file version 1.4 Highest
Published Vulnerabilities
CVE-2012-5784
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2014-3596
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
commons-discovery-0.5.jar
Description: The Apache Commons Discovery component is about discovering, or finding,
implementations for pluggable interfaces.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-discovery\commons-discovery\0.5\3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8\commons-discovery-0.5.jar
MD5: b35120680c3a22cec7a037fce196cd97
SHA1: 3a8ac816bbe02d2f88523ef22cbf2c4abd71d6a8
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-docurl http://commons.apache.org/discovery/ Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom groupid commons-discovery Highest
Vendor manifest Bundle-Description The Apache Commons Discovery component is about discovering, or finding, implementations for pluggable interfaces. Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom url http://commons.apache.org/discovery/ Highest
Vendor central groupid commons-discovery Highest
Vendor pom artifactid commons-discovery Low
Vendor pom name Commons Discovery High
Vendor file name commons-discovery High
Vendor Manifest bundle-symbolicname org.apache.commons.discovery Medium
Vendor pom parent-artifactid commons-parent Low
Vendor gradle groupid commons-discovery Highest
Vendor pom description The Apache Commons Discovery component is about discovering, or finding, implementations for pluggable interfaces. Low
Product pom parent-groupid org.apache.commons Low
Product pom artifactid commons-discovery Highest
Product Manifest bundle-docurl http://commons.apache.org/discovery/ Low
Product central artifactid commons-discovery Highest
Product manifest Bundle-Description The Apache Commons Discovery component is about discovering, or finding, implementations for pluggable interfaces. Low
Product Manifest Implementation-Title Commons Discovery High
Product Manifest Bundle-Name Commons Discovery Medium
Product pom parent-artifactid commons-parent Medium
Product pom name Commons Discovery High
Product pom url http://commons.apache.org/discovery/ Medium
Product file name commons-discovery High
Product Manifest specification-title Commons Discovery Medium
Product Manifest bundle-symbolicname org.apache.commons.discovery Medium
Product gradle artifactid commons-discovery Highest
Product pom description The Apache Commons Discovery component is about discovering, or finding, implementations for pluggable interfaces. Low
Product pom groupid commons-discovery Low
Version Manifest Implementation-Version 0.5 High
Version pom version 0.5 Highest
Version central version 0.5 Highest
Version file version 0.5 Highest
org.eclipse.birt.runtime-4.4.1.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.birt.runtime\4.4.1\d7f5495359184868842e469c1929109a0f69d87a\org.eclipse.birt.runtime-4.4.1.jar
MD5: bf28ed4bebc04a32e84e8982d80fa9fd
SHA1: d7f5495359184868842e469c1929109a0f69d87a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.eclipse.birt.runtime Medium
Vendor pom name org.eclipse.birt.runtime_4.4.1.v20140916-1320.jar High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor file name org.eclipse.birt.runtime High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.birt.runtime Low
Vendor jar package name report Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name birt Low
Vendor jar package name eclipse Low
Product Manifest Bundle-Name BIRT Runtime SDK Medium
Product Manifest bundle-symbolicname org.eclipse.birt.runtime Medium
Product pom artifactid eclipse.birt.runtime Highest
Product pom name org.eclipse.birt.runtime_4.4.1.v20140916-1320.jar High
Product file name org.eclipse.birt.runtime High
Product pom description A component of the BIRT runtime Medium
Product gradle artifactid org.eclipse.birt.runtime Highest
Product jar package name report Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product central artifactid org.eclipse.birt.runtime Highest
Product jar package name birt Low
Version pom version 4.4.1 Highest
Version central version 4.4.1 Highest
Version file version 4.4.1 Highest
tomcat-embed-core-8.5.23.jar
Description: Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.tomcat.embed\tomcat-embed-core\8.5.23\79261793a47f507890ee08f749b9d81774e4f7f0\tomcat-embed-core-8.5.23.jar
MD5: ae9430c1a4fc4d0d8eee4f33f2f4da00
SHA1: 79261793a47f507890ee08f749b9d81774e4f7f0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom url http://tomcat.apache.org/ Highest
Vendor central groupid org.apache.tomcat.embed Highest
Vendor pom description Core Tomcat implementation Medium
Vendor file name tomcat-embed-core High
Vendor Manifest Implementation-Vendor Apache Software Foundation High
Vendor pom groupid apache.tomcat.embed Highest
Vendor pom artifactid tomcat-embed-core Low
Vendor Manifest specification-vendor Apache Software Foundation Low
Vendor gradle groupid org.apache.tomcat.embed Highest
Product gradle artifactid tomcat-embed-core Highest
Product pom artifactid tomcat-embed-core Highest
Product pom groupid apache.tomcat.embed Low
Product pom description Core Tomcat implementation Medium
Product file name tomcat-embed-core High
Product Manifest Implementation-Title Apache Tomcat High
Product central artifactid tomcat-embed-core Highest
Product pom url http://tomcat.apache.org/ Medium
Product Manifest specification-title Apache Tomcat Medium
Version Manifest Implementation-Version 8.5.23 High
Version pom version 8.5.23 Highest
Version central version 8.5.23 Highest
Version file version 8.5.23 Highest
person-directory-impl-1.5.0-RC5.jar
Description: Provides implementations of the Person Directory API that have the capability of aggregating attributes from multiple data sources into a single view.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jasig.service\person-directory-impl\1.5.0-RC5\512831d6195409f9de30bcd06e1a3ce31fc4304f\person-directory-impl-1.5.0-RC5.jar
MD5: 05082275b6865cad22812017040483e2
SHA1: 512831d6195409f9de30bcd06e1a3ce31fc4304f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name person-directory-impl High
Vendor gradle groupid org.jasig.service Highest
Vendor pom name Person Directory Implementations High
Vendor pom artifactid person-directory-impl Low
Vendor Manifest Implementation-Vendor Jasig High
Vendor pom groupid jasig.service Highest
Vendor pom parent-artifactid person-directory-parent Low
Vendor Manifest Implementation-Vendor-Id org.jasig.service Medium
Vendor pom description Provides implementations of the Person Directory API that have the capability of aggregating attributes from multiple data sources into a single view. Low
Vendor central groupid org.jasig.service Highest
Vendor Manifest specification-vendor Jasig Low
Vendor pom parent-groupid org.jasig.service Medium
Product pom parent-artifactid person-directory-parent Medium
Product file name person-directory-impl High
Product Manifest specification-title Person Directory Implementations Medium
Product pom name Person Directory Implementations High
Product gradle artifactid person-directory-impl Highest
Product pom artifactid person-directory-impl Highest
Product pom parent-groupid org.jasig.service Low
Product pom description Provides implementations of the Person Directory API that have the capability of aggregating attributes from multiple data sources into a single view. Low
Product Manifest Implementation-Title Person Directory Implementations High
Product central artifactid person-directory-impl Highest
Product pom groupid jasig.service Low
Version file version 1.5.0.rc5 Highest
Version central version 1.5.0-RC5 Highest
Version Manifest Implementation-Version 1.5.0-RC5 High
Version pom version 1.5.0-RC5 Highest
jdom-1.0.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\jdom\jdom\1.0\a2ac1cd690ab4c80defe7f9bce14d35934c35cec\jdom-1.0.jar
MD5: 0b8f97de82fc9529b1028a77125ce4f8
SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cec
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name JDOM library High
Vendor manifest: org/jdom/adapters/ Implementation-Vendor jdom.org Medium
Vendor manifest: org/jdom/filter/ Implementation-Vendor jdom.org Medium
Vendor central groupid jdom High
Vendor manifest: org/jdom/input/ Implementation-Vendor jdom.org Medium
Vendor manifest: org/jdom/xpath/ Implementation-Vendor jdom.org Medium
Vendor gradle groupid jdom Highest
Vendor manifest: org/jdom/output/ Implementation-Vendor jdom.org Medium
Vendor pom url http://www.jdom.org/ Highest
Vendor manifest: org/jdom/transform/ Implementation-Vendor jdom.org Medium
Vendor pom groupid sun.phobos Highest
Vendor manifest: org/jdom/ Implementation-Vendor jdom.org Medium
Vendor jar package name jdom Low
Vendor file name jdom High
Vendor central groupid com.sun.phobos High
Vendor pom artifactid jdom Low
Product manifest: org/jdom/xpath/ Implementation-Title org.jdom.xpath Medium
Product central artifactid jdom High
Product pom name JDOM library High
Product manifest: org/jdom/output/ Implementation-Title org.jdom.output Medium
Product pom groupid sun.phobos Low
Product pom artifactid jdom Highest
Product manifest: org/jdom/filter/ Implementation-Title org.jdom.filter Medium
Product manifest: org/jdom/adapters/ Implementation-Title org.jdom.adapters Medium
Product manifest: org/jdom/transform/ Implementation-Title org.jdom.transform Medium
Product manifest: org/jdom/output/ Specification-Title JDOM Output Classes Medium
Product manifest: org/jdom/transform/ Specification-Title JDOM Transformation Classes Medium
Product manifest: org/jdom/adapters/ Specification-Title JDOM Adapter Classes Medium
Product manifest: org/jdom/ Specification-Title JDOM Classes Medium
Product gradle artifactid jdom Highest
Product manifest: org/jdom/input/ Implementation-Title org.jdom.input Medium
Product pom url http://www.jdom.org/ Medium
Product manifest: org/jdom/xpath/ Specification-Title JDOM XPath Classes Medium
Product manifest: org/jdom/filter/ Specification-Title JDOM Filter Classes Medium
Product manifest: org/jdom/input/ Specification-Title JDOM Input Classes Medium
Product file name jdom High
Product manifest: org/jdom/ Implementation-Title org.jdom Medium
Version central version 1.0 High
Version pom version 1.0 Highest
Version file version 1.0 Highest
spring-orm-2.5.6.SEC01.jar
Description: Spring Framework: ORM
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-orm\2.5.6.SEC01\255bd5a5d6d456792bb928e1cced60755f1fe513\spring-orm-2.5.6.SEC01.jar
MD5: cfb974095eb2430ba94a1137a4ee2313
SHA1: 255bd5a5d6d456792bb928e1cced60755f1fe513
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor hint analyzer vendor pivotal software High
Vendor hint analyzer vendor SpringSource High
Vendor pom url http://www.springframework.org Highest
Vendor jar package name springframework Low
Vendor Manifest bundle-symbolicname org.springframework.orm Medium
Vendor pom organization url http://www.springframework.org/ Medium
Vendor pom groupid springframework Highest
Vendor pom organization name Spring Framework High
Vendor hint analyzer vendor vmware High
Vendor central groupid org.springframework Highest
Vendor pom artifactid spring-orm Low
Vendor file name spring-orm High
Vendor pom name Spring Framework: ORM High
Vendor pom description Spring Framework: ORM Medium
Vendor gradle groupid org.springframework Highest
Vendor jar package name orm Low
Product pom artifactid spring-orm Highest
Product central artifactid spring-orm Highest
Product pom organization url http://www.springframework.org/ Low
Product Manifest Implementation-Title Spring Framework High
Product Manifest bundle-symbolicname org.springframework.orm Medium
Product pom url http://www.springframework.org Medium
Product pom organization name Spring Framework Low
Product gradle artifactid spring-orm Highest
Product pom groupid springframework Low
Product file name spring-orm High
Product hint analyzer product springsource_spring_framework High
Product pom name Spring Framework: ORM High
Product pom description Spring Framework: ORM Medium
Product Manifest Bundle-Name Spring ORM Medium
Product jar package name orm Low
Version pom version 2.5.6.SEC01 Highest
Version central version 2.5.6.SEC01 Highest
Version Manifest Implementation-Version 2.5.6.SEC01 High
Version file version 2.5.6.sec01 Highest
cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01
Confidence: Low
cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01
Confidence: Low
cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
Confidence: Low
cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
Confidence: Low
maven: org.springframework:spring-orm:2.5.6.SEC01 ✓
Confidence: Highest
Published Vulnerabilities
CVE-2011-2730
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
CVE-2013-4152
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVE-2013-6429
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2013-7315
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2014-0054
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2014-1904
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVE-2016-9878
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
spring-jdbc-2.5.6.SEC01.jar
Description: Spring Framework: JDBC
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-jdbc\2.5.6.SEC01\74f28b32f9678dd3093643a268af767ddfcc337d\spring-jdbc-2.5.6.SEC01.jar
MD5: c07e1949e888106ff976e0d8f3d2d594
SHA1: 74f28b32f9678dd3093643a268af767ddfcc337d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor hint analyzer vendor pivotal software High
Vendor jar package name jdbc Low
Vendor hint analyzer vendor SpringSource High
Vendor pom url http://www.springframework.org Highest
Vendor jar package name springframework Low
Vendor pom organization url http://www.springframework.org/ Medium
Vendor pom groupid springframework Highest
Vendor pom organization name Spring Framework High
Vendor hint analyzer vendor vmware High
Vendor Manifest bundle-symbolicname org.springframework.jdbc Medium
Vendor pom description Spring Framework: JDBC Medium
Vendor pom artifactid spring-jdbc Low
Vendor file name spring-jdbc High
Vendor central groupid org.springframework Highest
Vendor pom name Spring Framework: JDBC High
Vendor gradle groupid org.springframework Highest
Product pom artifactid spring-jdbc Highest
Product jar package name jdbc Low
Product central artifactid spring-jdbc Highest
Product pom organization url http://www.springframework.org/ Low
Product Manifest Implementation-Title Spring Framework High
Product pom url http://www.springframework.org Medium
Product Manifest Bundle-Name Spring JDBC Medium
Product Manifest bundle-symbolicname org.springframework.jdbc Medium
Product pom description Spring Framework: JDBC Medium
Product pom organization name Spring Framework Low
Product file name spring-jdbc High
Product pom groupid springframework Low
Product pom name Spring Framework: JDBC High
Product hint analyzer product springsource_spring_framework High
Product gradle artifactid spring-jdbc Highest
Version pom version 2.5.6.SEC01 Highest
Version central version 2.5.6.SEC01 Highest
Version Manifest Implementation-Version 2.5.6.SEC01 High
Version file version 2.5.6.sec01 Highest
cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01
Confidence: Low
cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01
Confidence: Low
maven: org.springframework:spring-jdbc:2.5.6.SEC01 ✓
Confidence: Highest
cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
Confidence: Low
cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
Confidence: Low
Published Vulnerabilities
CVE-2011-2730
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
CVE-2013-4152
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVE-2013-6429
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2013-7315
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2014-0054
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2014-1904
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVE-2016-9878
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
spring-webmvc-2.5.6.SEC01.jar
Description: Spring Framework: Web MVC
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-webmvc\2.5.6.SEC01\1a48edcf8dcfc76882c821931eb0529db9af5d9b\spring-webmvc-2.5.6.SEC01.jar
MD5: 843c40ce4f66dc53e6fa635aff914933
SHA1: 1a48edcf8dcfc76882c821931eb0529db9af5d9b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name spring-webmvc High
Vendor hint analyzer vendor pivotal software High
Vendor hint analyzer vendor SpringSource High
Vendor pom artifactid spring-webmvc Low
Vendor pom url http://www.springframework.org Highest
Vendor jar package name springframework Low
Vendor pom organization url http://www.springframework.org/ Medium
Vendor pom groupid springframework Highest
Vendor pom organization name Spring Framework High
Vendor pom description Spring Framework: Web MVC Medium
Vendor hint analyzer vendor vmware High
Vendor central groupid org.springframework Highest
Vendor jar package name web Low
Vendor Manifest bundle-symbolicname org.springframework.web.servlet Medium
Vendor pom name Spring Framework: Web MVC High
Vendor jar package name servlet Low
Vendor gradle groupid org.springframework Highest
Product file name spring-webmvc High
Product pom organization url http://www.springframework.org/ Low
Product Manifest Implementation-Title Spring Framework High
Product pom url http://www.springframework.org Medium
Product gradle artifactid spring-webmvc Highest
Product central artifactid spring-webmvc Highest
Product pom description Spring Framework: Web MVC Medium
Product pom organization name Spring Framework Low
Product jar package name web Low
Product pom groupid springframework Low
Product hint analyzer product springsource_spring_framework High
Product Manifest bundle-symbolicname org.springframework.web.servlet Medium
Product pom artifactid spring-webmvc Highest
Product pom name Spring Framework: Web MVC High
Product jar package name servlet Low
Product Manifest Bundle-Name Spring Web Servlet Medium
Version pom version 2.5.6.SEC01 Highest
Version central version 2.5.6.SEC01 Highest
Version Manifest Implementation-Version 2.5.6.SEC01 High
Version file version 2.5.6.sec01 Highest
cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01
Confidence: Low
maven: org.springframework:spring-webmvc:2.5.6.SEC01 ✓
Confidence: Highest
cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01
Confidence: Low
cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
Confidence: Low
cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
Confidence: Low
Published Vulnerabilities
CVE-2011-2730
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
CVE-2013-4152
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVE-2013-6429
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2013-7315
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2014-0054
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2014-1904
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVE-2016-9878
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
hibernate-annotations-3.3.1.GA.jar
Description: Annotations metadata for Hibernate
License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\hibernate-annotations\3.3.1.GA\2083b277c76037253189d17e68ba86d2da478440\hibernate-annotations-3.3.1.GA.jar
MD5: ac93aaf6dad9f72e1ca73eb4069b4cd0
SHA1: 2083b277c76037253189d17e68ba86d2da478440
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom url http://annotations.hibernate.org Highest
Vendor jar package name hibernate Low
Vendor Manifest Implementation-Vendor-Id hibernate.org Medium
Vendor central groupid org.hibernate Highest
Vendor pom description Annotations metadata for Hibernate Medium
Vendor file name hibernate-annotations High
Vendor gradle groupid org.hibernate Highest
Vendor pom artifactid hibernate-annotations Low
Vendor Manifest specification-vendor jcp.org Low
Vendor Manifest implementation-url http://annotations.hibernate.org Low
Vendor jar package name annotations Low
Vendor pom groupid hibernate Highest
Vendor pom name Hibernate Annotations High
Vendor Manifest Implementation-Vendor hibernate.org High
Product pom artifactid hibernate-annotations Highest
Product pom groupid hibernate Low
Product Manifest specification-title Java Persistence Medium
Product pom description Annotations metadata for Hibernate Medium
Product file name hibernate-annotations High
Product gradle artifactid hibernate-annotations Highest
Product Manifest implementation-url http://annotations.hibernate.org Low
Product jar package name annotations Low
Product pom url http://annotations.hibernate.org Medium
Product pom name Hibernate Annotations High
Product central artifactid hibernate-annotations Highest
Product Manifest Implementation-Title Hibernate Annotations High
Version file version 3.3.1 Highest
Version Manifest Implementation-Version 3.3.1.GA High
Version pom version 3.3.1.GA Highest
Version central version 3.3.1.GA Highest
xmlsec-1.4.3.jar
Description:
Apache XML Security supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the Java library supports the standard Java API JSR-105: XML Digital Signature APIs.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.santuario\xmlsec\1.4.3\22629b7c6b25352c25be97d0839460fef58ec533\xmlsec-1.4.3.jar
MD5: 16a2d033196888c83e06ac9dda7f88de
SHA1: 22629b7c6b25352c25be97d0839460fef58ec533
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom url http://santuario.apache.org/ Highest
Vendor jar package name apache Low
Vendor pom artifactid xmlsec Low
Vendor jar package name security Low
Vendor pom groupid apache.santuario Highest
Vendor file name xmlsec High
Vendor pom organization url http://www.apache.org/ Medium
Vendor central groupid org.apache.santuario Highest
Vendor pom name XML Security High
Vendor jar package name xml Low
Vendor gradle groupid org.apache.santuario Highest
Vendor manifest: xmlsec Implementation-Vendor Apache Software Foundation Medium
Vendor pom organization name The Apache Software Foundation High
Vendor pom description Apache XML Security supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the Java library supports the standard Java API JSR-105: XML Digital Signature APIs. Low
Product gradle artifactid xmlsec Highest
Product jar package name security Low
Product file name xmlsec High
Product pom url http://santuario.apache.org/ Medium
Product pom name XML Security High
Product jar package name xml Low
Product pom organization url http://www.apache.org/ Low
Product pom artifactid xmlsec Highest
Product central artifactid xmlsec Highest
Product pom groupid apache.santuario Low
Product manifest: xmlsec Implementation-Title Apache-XML-Security-J Medium
Product pom description Apache XML Security supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the Java library supports the standard Java API JSR-105: XML Digital Signature APIs. Low
Product pom organization name The Apache Software Foundation Low
Version pom version 1.4.3 Highest
Version file version 1.4.3 Highest
Version central version 1.4.3 Highest
Published Vulnerabilities
CVE-2013-4517
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
opensaml-1.1b.jar
Description:
The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language (SAML).
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.opensaml\opensaml\1.1b\21ec22368b6baa211a29887e162aa4cf9a8f3c60\opensaml-1.1b.jar
MD5: b540669844849b8d8fad3336edf41dca
SHA1: 21ec22368b6baa211a29887e162aa4cf9a8f3c60
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name OpenSAML-J High
Vendor pom description The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language (SAML). Low
Vendor hint analyzer vendor shibboleth Highest
Vendor gradle groupid org.opensaml Highest
Vendor file name opensaml High
Vendor central groupid org.opensaml High
Vendor pom groupid opensaml Highest
Vendor jar package name opensaml Low
Vendor pom organization name Internet2 High
Vendor pom url https://opensaml.org/ Highest
Vendor pom artifactid opensaml1 Low
Vendor pom organization url http://www.internet2.edu/ Medium
Product gradle artifactid opensaml Highest
Product pom name OpenSAML-J High
Product pom description The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language (SAML). Low
Product file name opensaml High
Product central artifactid opensaml High
Product pom organization name Internet2 Low
Product pom artifactid opensaml1 Highest
Product hint analyzer product opensaml Highest
Product pom organization url http://www.internet2.edu/ Low
Product pom groupid opensaml Low
Product pom url https://opensaml.org/ Medium
Product central artifactid opensaml1 High
Version central version 1.1 High
Version file name opensaml Medium
Version pom version 1.1 Highest
Version file version 1.1b Highest
Version gradle version 1.1b Highest
Published Vulnerabilities
CVE-2013-6440
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
persistence-api-1.0.jar
Description:
The Enterprise JavaBeans architecture is a component architecture for the development and deployment of component-based business applications.
The purpose of Enterprise JavaBeans (EJB) 3.0 is to improve the EJB architecture by reducing its complexity from the developer's point of view.
License:
Common Development and Distribution License (CDDL) v1.0: http://www.sun.com/cddl/cddl.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.persistence\persistence-api\1.0\5725f57873e05e068803e2bf9d5a8ea3740ffec5\persistence-api-1.0.jar
MD5: aeb56ad8210370d0cd5c0e995eb0d16c
SHA1: 5725f57873e05e068803e2bf9d5a8ea3740ffec5
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor pom name Enterprise JavaBeans (EJB) 3.0 High
Vendor pom url http://www.jcp.org/en/jsr/detail?id=220 Highest
Vendor jar package name persistence Low
Vendor pom groupid javax.persistence Highest
Vendor file name persistence-api High
Vendor pom artifactid persistence-api Low
Vendor central groupid javax.persistence Highest
Vendor Manifest specification-vendor Sun Microsystems, Inc., Oracle Corp. Low
Vendor pom description The Enterprise JavaBeans architecture is a component architecture for the development and deployment of component-based business applications. The purpose of Enterprise JavaBeans (EJB) 3.0 is to improve the EJB architecture by reducing its complexity from the developer's point of view. Low
Vendor Manifest Implementation-Vendor-Id javax.persistence Medium
Vendor gradle groupid javax.persistence Highest
Vendor Manifest extension-name javax.persistence Medium
Vendor Manifest Implementation-Vendor Sun Microsystems, Inc., Oracle Corp. High
Product pom artifactid persistence-api Highest
Product pom name Enterprise JavaBeans (EJB) 3.0 High
Product gradle artifactid persistence-api Highest
Product Manifest specification-title Java Platform, Persistence Specification Medium
Product pom description The Enterprise JavaBeans architecture is a component architecture for the development and deployment of component-based business applications. The purpose of Enterprise JavaBeans (EJB) 3.0 is to improve the EJB architecture by reducing its complexity from the developer's point of view. Low
Product pom groupid javax.persistence Low
Product jar package name persistence Low
Product pom url http://www.jcp.org/en/jsr/detail?id=220 Medium
Product Manifest extension-name javax.persistence Medium
Product file name persistence-api High
Product central artifactid persistence-api Highest
Version Manifest Implementation-Version 1.0 High
Version pom version 1.0 Highest
Version central version 1.0 Highest
Version file version 1.0 Highest
xmldsig-1.0.jar
License:
hynnet.com: http://www.hynnet.com/licenses/LICENSE-1.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.xml\xmldsig\1.0\9312ad67022b4dec8df8689d0b7dbac9cd612525\xmldsig-1.0.jar
MD5: 563644fef6e9f3c8c5d78b84b4a5b95a
SHA1: 9312ad67022b4dec8df8689d0b7dbac9cd612525
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor pom parent-artifactid hynnet Low
Vendor gradle groupid javax.xml Highest
Vendor pom artifactid jasper-xml-dsig Low
Vendor file name xmldsig High
Vendor Manifest specification-vendor Sun Microsystems and IBM Low
Vendor jar package name xml Low
Vendor pom url http://maven.hynnet.com Highest
Vendor central groupid com.hynnet High
Vendor pom parent-groupid com.hynnet Medium
Vendor pom groupid hynnet Highest
Vendor jar package name crypto Low
Vendor pom name Jasper XML Digital Signature library High
Vendor Manifest extension-name javax.xml.crypto.dsig Medium
Vendor Manifest Implementation-Vendor Sun Microsystems and IBM High
Product central artifactid jasper-xml-dsig High
Product pom parent-artifactid hynnet Medium
Product pom groupid hynnet Low
Product pom parent-groupid com.hynnet Low
Product file name xmldsig High
Product jar package name dsig Low
Product Manifest Implementation-Title JSR 105 Implementation High
Product jar package name xml Low
Product gradle artifactid xmldsig Highest
Product Manifest specification-title Java(TM) XML Digital Signature API Medium
Product jar package name crypto Low
Product pom name Jasper XML Digital Signature library High
Product pom url http://maven.hynnet.com Medium
Product Manifest extension-name javax.xml.crypto.dsig Medium
Product pom artifactid jasper-xml-dsig Highest
Version pom version 1.0.1 Highest
Version central version 1.0.0 High
Version Manifest Implementation-Version 1.0.1 High
Version central version 1.0.1 High
Published Vulnerabilities
CVE-2014-8137
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
CVE-2014-8157
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
CVE-2014-8158
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
CVE-2014-9029
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
CVE-2015-5221
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-416 Use After Free
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
CVE-2016-10248
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference
The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.
CVE-2016-10249
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.
CVE-2016-10250
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference
The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8887.
CVE-2016-10251
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
CVE-2016-1577
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.
CVE-2016-2116
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
CVE-2016-8690
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
CVE-2016-8691
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-369 Divide By Zero
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
CVE-2016-8692
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-369 Divide By Zero
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
CVE-2016-8693
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-415 Double Free
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
CVE-2016-8882
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2016-8883
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-8885
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
CVE-2016-8886
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.
CVE-2016-8887
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
CVE-2016-9262
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
CVE-2016-9387
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
CVE-2016-9389
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
CVE-2016-9390
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVE-2016-9391
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
CVE-2016-9392
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9394
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9395
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
Vulnerable Software & Versions:
CVE-2016-9396
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.
Vulnerable Software & Versions:
CVE-2016-9398
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.
Vulnerable Software & Versions:
CVE-2016-9557
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
Vulnerable Software & Versions:
CVE-2016-9560
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
Vulnerable Software & Versions:
CVE-2017-6850
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-476 NULL Pointer Dereference
The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
Vulnerable Software & Versions:
CVE-2017-6851
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-125 Out-of-bounds Read
The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.
Vulnerable Software & Versions:
CVE-2017-6852
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.
Vulnerable Software & Versions:
inspektr-core-0.7.0.jar
Description: Inspektr Core
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.inspektr\inspektr-core\0.7.0\1d6851b0970de19593e8cdcbf7e593ca5c2db324\inspektr-core-0.7.0.jar
MD5: 36528ac75d74ab43a13aad6055146d60
SHA1: 1d6851b0970de19593e8cdcbf7e593ca5c2db324
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid inspektr-core Low
Vendor pom parent-artifactid inspektr Low
Vendor gradle groupid org.inspektr Highest
Vendor pom parent-groupid org.inspektr Medium
Vendor pom description Inspektr Core Medium
Vendor Manifest Implementation-Vendor-Id org.inspektr Medium
Vendor pom groupid inspektr Highest
Vendor file name inspektr-core High
Vendor pom name Inspektr Core High
Product pom parent-artifactid inspektr Medium
Product pom description Inspektr Core Medium
Product pom parent-groupid org.inspektr Low
Product Manifest Implementation-Title Inspektr Core High
Product file name inspektr-core High
Product gradle artifactid inspektr-core Highest
Product pom groupid inspektr Low
Product pom name Inspektr Core High
Product pom artifactid inspektr-core Highest
Version Manifest Implementation-Version 0.7.0 High
Version pom version 0.7.0 Highest
Version file version 0.7.0 Highest
maven: org.inspektr:inspektr-core:0.7.0
Confidence: Highest
spring-webflow-1.0.6.jar
Description: Spring Web Flow
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-webflow\1.0.6\73a9cef54005fe7c23947f13300eb0e0bf0f265a\spring-webflow-1.0.6.jar
MD5: 29723d7337b93020528ced714cf7a364
SHA1: 73a9cef54005fe7c23947f13300eb0e0bf0f265a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor hint analyzer vendor pivotal software High
Vendor hint analyzer vendor SpringSource High
Vendor pom artifactid spring-webflow Low
Vendor pom url http://www.springframework.org Highest
Vendor jar package name springframework Low
Vendor pom description Spring Web Flow Medium
Vendor pom organization url http://www.springframework.org/ Medium
Vendor Manifest Implementation-Vendor springframework.org High
Vendor pom groupid springframework Highest
Vendor jar package name webflow Low
Vendor pom organization name Spring Framework High
Vendor hint analyzer vendor vmware High
Vendor central groupid org.springframework Highest
Vendor file name spring-webflow High
Vendor pom name Spring Web Flow High
Vendor gradle groupid org.springframework Highest
Product pom organization url http://www.springframework.org/ Low
Product pom description Spring Web Flow Medium
Product pom url http://www.springframework.org Medium
Product jar package name webflow Low
Product pom organization name Spring Framework Low
Product Manifest Implementation-Title Spring Web Flow High
Product central artifactid spring-webflow Highest
Product pom artifactid spring-webflow Highest
Product pom groupid springframework Low
Product hint analyzer product springsource_spring_framework High
Product file name spring-webflow High
Product gradle artifactid spring-webflow Highest
Product pom name Spring Web Flow High
Version pom version 1.0.6 Highest
Version central version 1.0.6 Highest
Version file version 1.0.6 Highest
Version Manifest Implementation-Version 1.0.6 High
cpe: cpe:/a:pivotal:spring_framework:1.0.6
Confidence: Low
cpe: cpe:/a:vmware:springsource_spring_framework:1.0.6
Confidence: Low
cpe: cpe:/a:pivotal:spring_web_flow:1.0.6
Confidence: Low
cpe: cpe:/a:pivotal_software:spring_framework:1.0.6
Confidence: Low
cpe: cpe:/a:springsource:spring_framework:1.0.6
Confidence: Low
maven: org.springframework:spring-webflow:1.0.6 ✓
Confidence: Highest
Published Vulnerabilities
CVE-2011-2730
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
Vulnerable Software & Versions:
CVE-2013-4152
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
Vulnerable Software & Versions:
CVE-2013-6429
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
Vulnerable Software & Versions:
CVE-2013-7315
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
Vulnerable Software & Versions:
CVE-2014-0054
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
Vulnerable Software & Versions:
CVE-2014-1904
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
Vulnerable Software & Versions:
CVE-2016-9878
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Vulnerable Software & Versions:
lucene-queries-7.1.0.jar
Description: Lucene Queries Module
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-queries\7.1.0\1554920ab207a3245fa408d022a5c90ad3a1fea3\lucene-queries-7.1.0.jar
MD5: 72bc3196047a59b33785440b03d43d74
SHA1: 1554920ab207a3245fa408d022a5c90ad3a1fea3
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor pom name Lucene Queries High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor pom description Lucene Queries Module Medium
Vendor jar package name queries Low
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor file name lucene-queries High
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name lucene Low
Vendor pom artifactid lucene-queries Low
Product Manifest extension-name org.apache.lucene Medium
Product central artifactid lucene-queries Highest
Product pom name Lucene Queries High
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product pom artifactid lucene-queries Highest
Product pom description Lucene Queries Module Medium
Product gradle artifactid lucene-queries Highest
Product jar package name function Low
Product jar package name queries Low
Product file name lucene-queries High
Product Manifest specification-title Lucene Search Engine: queries Medium
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-sandbox-7.1.0.jar
Description: Lucene Sandbox
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-sandbox\7.1.0\691f7b9ac05f3ad2ac7e80733ef70247904bd3ae\lucene-sandbox-7.1.0.jar
MD5: f20f2a24fb341e881da0fe6476e5d5f6
SHA1: 691f7b9ac05f3ad2ac7e80733ef70247904bd3ae
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name apache Low
Vendor file name lucene-sandbox High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor pom groupid apache.lucene Highest
Vendor pom artifactid lucene-sandbox Low
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor pom name Lucene Sandbox High
Vendor pom description Lucene Sandbox Medium
Vendor jar package name lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product central artifactid lucene-sandbox Highest
Product Manifest specification-title Lucene Search Engine: sandbox Medium
Product file name lucene-sandbox High
Product gradle artifactid lucene-sandbox Highest
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product pom artifactid lucene-sandbox Highest
Product pom name Lucene Sandbox High
Product pom description Lucene Sandbox Medium
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
xmlbeans-2.6.0.jar
Description: XmlBeans main jar
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlbeans\xmlbeans\2.6.0\29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87\xmlbeans-2.6.0.jar
MD5: 6591c08682d613194dacb01e95c78c2c
SHA1: 29e80d2dd51f9dcdef8f9ffaee0d4dc1c9bbfc87
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom description XmlBeans main jar Medium
Vendor pom organization name XmlBeans High
Vendor central groupid org.apache.xmlbeans Highest
Vendor jar package name xmlbeans Low
Vendor pom groupid apache.xmlbeans Highest
Vendor pom name XmlBeans High
Vendor gradle groupid org.apache.xmlbeans Highest
Vendor file name xmlbeans High
Vendor pom artifactid xmlbeans Low
Vendor pom organization url http://xmlbeans.apache.org/ Medium
Vendor manifest: org/apache/xmlbeans/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom url http://xmlbeans.apache.org Highest
Vendor jar package name impl Low
Product pom description XmlBeans main jar Medium
Product pom artifactid xmlbeans Highest
Product jar package name xmlbeans Low
Product manifest: org/apache/xmlbeans/ Implementation-Title org.apache.xmlbeans Medium
Product pom organization name XmlBeans Low
Product pom organization url http://xmlbeans.apache.org/ Low
Product pom groupid apache.xmlbeans Low
Product pom name XmlBeans High
Product file name xmlbeans High
Product central artifactid xmlbeans Highest
Product gradle artifactid xmlbeans Highest
Product pom url http://xmlbeans.apache.org Medium
Product jar package name impl Low
Version central version 2.6.0 Highest
Version pom version 2.6.0 Highest
Version file version 2.6.0 Highest
lucene-analyzers-kuromoji-7.1.0.jar
Description:
Lucene Kuromoji Japanese Morphological Analyzer
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-analyzers-kuromoji\7.1.0\a2ca81efc31d857fa2ade104dcdb3fed20c95ea0\lucene-analyzers-kuromoji-7.1.0.jar
MD5: 0075b59c0abdda7ed1469f2e584a951a
SHA1: a2ca81efc31d857fa2ade104dcdb3fed20c95ea0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor pom description Lucene Kuromoji Japanese Morphological Analyzer Medium
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor file name lucene-analyzers-kuromoji High
Vendor pom artifactid lucene-analyzers-kuromoji Low
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name analysis Low
Vendor jar package name lucene Low
Vendor pom name Lucene Kuromoji Japanese Morphological Analyzer High
Product Manifest extension-name org.apache.lucene Medium
Product pom description Lucene Kuromoji Japanese Morphological Analyzer Medium
Product pom artifactid lucene-analyzers-kuromoji Highest
Product central artifactid lucene-analyzers-kuromoji Highest
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product gradle artifactid lucene-analyzers-kuromoji Highest
Product Manifest specification-title Lucene Search Engine: analyzers-kuromoji Medium
Product jar package name ja Low
Product file name lucene-analyzers-kuromoji High
Product jar package name analysis Low
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom name Lucene Kuromoji Japanese Morphological Analyzer High
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-analyzers-phonetic-7.1.0.jar
Description:
Provides phonetic encoding via Commons Codec.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-analyzers-phonetic\7.1.0\42058220ada77c4c5340e8383f62a4398e10a8ce\lucene-analyzers-phonetic-7.1.0.jar
MD5: 24547f636c3636bfcb23ff6c948e7fd9
SHA1: 42058220ada77c4c5340e8383f62a4398e10a8ce
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor pom artifactid lucene-analyzers-phonetic Low
Vendor jar package name apache Low
Vendor file name lucene-analyzers-phonetic High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom name Lucene Phonetic Filters High
Vendor gradle groupid org.apache.lucene Highest
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name analysis Low
Vendor jar package name lucene Low
Vendor pom description Provides phonetic encoding via Commons Codec. Medium
Product Manifest extension-name org.apache.lucene Medium
Product file name lucene-analyzers-phonetic High
Product jar package name phonetic Low
Product pom groupid apache.lucene Low
Product Manifest specification-title Lucene Search Engine: analyzers-phonetic Medium
Product pom name Lucene Phonetic Filters High
Product Manifest Implementation-Title org.apache.lucene High
Product gradle artifactid lucene-analyzers-phonetic Highest
Product pom artifactid lucene-analyzers-phonetic Highest
Product central artifactid lucene-analyzers-phonetic Highest
Product jar package name analysis Low
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom description Provides phonetic encoding via Commons Codec. Medium
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-backward-codecs-7.1.0.jar
Description:
Codecs for older versions of Lucene.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-backward-codecs\7.1.0\804a7ce82bba3d085733486bfde4846ecb77ce01\lucene-backward-codecs-7.1.0.jar
MD5: bc35ee793edb587b4c88709785163377
SHA1: 804a7ce82bba3d085733486bfde4846ecb77ce01
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name apache Low
Vendor file name lucene-backward-codecs High
Vendor pom description Codecs for older versions of Lucene. Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor pom artifactid lucene-backward-codecs Low
Vendor pom name Lucene Memory High
Vendor jar package name codecs Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product file name lucene-backward-codecs High
Product central artifactid lucene-backward-codecs Highest
Product pom description Codecs for older versions of Lucene. Medium
Product pom name Lucene Memory High
Product gradle artifactid lucene-backward-codecs Highest
Product jar package name codecs Low
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product Manifest specification-title Lucene Search Engine: backward-codecs Medium
Product jar package name lucene54 Low
Product pom artifactid lucene-backward-codecs Highest
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-classification-7.1.0.jar
Description: Lucene Classification
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-classification\7.1.0\900b0195bb95adb773a23e87319bbfe41d312283\lucene-classification-7.1.0.jar
MD5: 59b570055252ddd34df2c75995fa2ba0
SHA1: 900b0195bb95adb773a23e87319bbfe41d312283
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor pom name Lucene Classification High
Vendor jar package name apache Low
Vendor pom description Lucene Classification Medium
Vendor file name lucene-classification High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor jar package name classification Low
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor pom artifactid lucene-classification Low
Vendor jar package name lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product pom name Lucene Classification High
Product central artifactid lucene-classification Highest
Product pom description Lucene Classification Medium
Product file name lucene-classification High
Product pom artifactid lucene-classification Highest
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product jar package name classification Low
Product gradle artifactid lucene-classification Highest
Product Manifest specification-title Lucene Search Engine: classification Medium
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-codecs-7.1.0.jar
Description:
Codecs and postings formats for Apache Lucene.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-codecs\7.1.0\b487621541f5a17946cf1ed634e5f48c802c6d28\lucene-codecs-7.1.0.jar
MD5: 3a38b7059f76048a180c1ee1206494ba
SHA1: b487621541f5a17946cf1ed634e5f48c802c6d28
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name apache Low
Vendor pom description Codecs and postings formats for Apache Lucene. Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor jar package name codecs Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom name Lucene codecs High
Vendor gradle groupid org.apache.lucene Highest
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor file name lucene-codecs High
Vendor jar package name lucene Low
Vendor pom artifactid lucene-codecs Low
Product Manifest extension-name org.apache.lucene Medium
Product pom description Codecs and postings formats for Apache Lucene. Medium
Product pom artifactid lucene-codecs Highest
Product jar package name codecs Low
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product central artifactid lucene-codecs Highest
Product pom name Lucene codecs High
Product gradle artifactid lucene-codecs Highest
Product file name lucene-codecs High
Product pom parent-artifactid lucene-parent Medium
Product Manifest specification-title Lucene Search Engine: codecs Medium
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-expressions-7.1.0.jar
Description:
Dynamically computed values to sort/facet/search on based on a pluggable grammar.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-expressions\7.1.0\714927eb1d1db641bff9aa658e7e112c368f3e6d\lucene-expressions-7.1.0.jar
MD5: 53770687f1ea2a2d9ac426cb764bbdda
SHA1: 714927eb1d1db641bff9aa658e7e112c368f3e6d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name apache Low
Vendor pom name Lucene Expressions High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor file name lucene-expressions High
Vendor gradle groupid org.apache.lucene Highest
Vendor pom artifactid lucene-expressions Low
Vendor jar package name expressions Low
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor pom description Dynamically computed values to sort/facet/search on based on a pluggable grammar. Medium
Vendor jar package name lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product pom name Lucene Expressions High
Product gradle artifactid lucene-expressions Highest
Product Manifest specification-title Lucene Search Engine: expressions Medium
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product file name lucene-expressions High
Product jar package name js Low
Product jar package name expressions Low
Product pom artifactid lucene-expressions Highest
Product pom description Dynamically computed values to sort/facet/search on based on a pluggable grammar. Medium
Product central artifactid lucene-expressions Highest
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-grouping-7.1.0.jar
Description: Lucene Grouping Module
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-grouping\7.1.0\732d16c16421fca058a2a07ca4081ec7696365b\lucene-grouping-7.1.0.jar
MD5: c123dcc588610ac2eaab205c97ddecf0
SHA1: 0732d16c16421fca058a2a07ca4081ec7696365b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name search Low
Vendor pom description Lucene Grouping Module Medium
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor pom name Lucene Grouping High
Vendor file name lucene-grouping High
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name lucene Low
Vendor pom artifactid lucene-grouping Low
Product Manifest extension-name org.apache.lucene Medium
Product jar package name search Low
Product pom description Lucene Grouping Module Medium
Product gradle artifactid lucene-grouping Highest
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product jar package name grouping Low
Product Manifest specification-title Lucene Search Engine: grouping Medium
Product pom name Lucene Grouping High
Product central artifactid lucene-grouping Highest
Product pom artifactid lucene-grouping Highest
Product file name lucene-grouping High
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-highlighter-7.1.0.jar
Description:
This is the highlighter for apache lucene java
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-highlighter\7.1.0\596550daabae765ad685112e0fe7c4f0fdfccb3f\lucene-highlighter-7.1.0.jar
MD5: 1c120c9eef825b5361a17ecc5762de84
SHA1: 596550daabae765ad685112e0fe7c4f0fdfccb3f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name search Low
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor pom description This is the highlighter for apache lucene java Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor pom artifactid lucene-highlighter Low
Vendor pom name Lucene Highlighter High
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name lucene Low
Vendor file name lucene-highlighter High
Product Manifest extension-name org.apache.lucene Medium
Product jar package name search Low
Product pom artifactid lucene-highlighter Highest
Product central artifactid lucene-highlighter Highest
Product pom description This is the highlighter for apache lucene java Medium
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product gradle artifactid lucene-highlighter Highest
Product Manifest specification-title Lucene Search Engine: highlighter Medium
Product pom name Lucene Highlighter High
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product file name lucene-highlighter High
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-join-7.1.0.jar
Description: Lucene Join Module
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-join\7.1.0\5f26dd64c195258a81175772ef7fe105e7d60a26\lucene-join-7.1.0.jar
MD5: 1ba5daa56d970332cb818c825edf0615
SHA1: 5f26dd64c195258a81175772ef7fe105e7d60a26
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor pom artifactid lucene-join Low
Vendor jar package name search Low
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor pom name Lucene Join High
Vendor file name lucene-join High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description Lucene Join Module Medium
Vendor gradle groupid org.apache.lucene Highest
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product jar package name search Low
Product gradle artifactid lucene-join Highest
Product jar package name join Low
Product pom name Lucene Join High
Product file name lucene-join High
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product central artifactid lucene-join Highest
Product pom description Lucene Join Module Medium
Product pom artifactid lucene-join Highest
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product Manifest specification-title Lucene Search Engine: join Medium
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-memory-7.1.0.jar
Description:
High-performance single-document index to compare against Query
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-memory\7.1.0\3ef64c58d0c09ca40d848efa96b585b7476271f2\lucene-memory-7.1.0.jar
MD5: de862f74bb125a6fb87f5b45a6774b45
SHA1: 3ef64c58d0c09ca40d848efa96b585b7476271f2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor pom name Lucene Memory High
Vendor pom artifactid lucene-memory Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description High-performance single-document index to compare against Query Medium
Vendor gradle groupid org.apache.lucene Highest
Vendor file name lucene-memory High
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name index Low
Vendor jar package name lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product pom name Lucene Memory High
Product pom groupid apache.lucene Low
Product pom description High-performance single-document index to compare against Query Medium
Product Manifest Implementation-Title org.apache.lucene High
Product jar package name memory Low
Product Manifest specification-title Lucene Search Engine: memory Medium
Product central artifactid lucene-memory Highest
Product pom artifactid lucene-memory Highest
Product file name lucene-memory High
Product jar package name index Low
Product gradle artifactid lucene-memory Highest
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-misc-7.1.0.jar
Description: Miscellaneous Lucene extensions
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-misc\7.1.0\1496ee5fa62206ee5ddf51042a340d6a9ee3b5de\lucene-misc-7.1.0.jar
MD5: 6e21bc419fdcec2e1f4ef5ad4b1010e0
SHA1: 1496ee5fa62206ee5ddf51042a340d6a9ee3b5de
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name apache Low
Vendor pom name Lucene Miscellaneous High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor pom artifactid lucene-misc Low
Vendor pom description Miscellaneous Lucene extensions Medium
Vendor file name lucene-misc High
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product pom artifactid lucene-misc Highest
Product pom name Lucene Miscellaneous High
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product central artifactid lucene-misc Highest
Product pom description Miscellaneous Lucene extensions Medium
Product file name lucene-misc High
Product gradle artifactid lucene-misc Highest
Product Manifest specification-title Lucene Search Engine: misc Medium
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-spatial-extras-7.1.0.jar
Description:
Advanced Spatial Shape Strategies for Apache Lucene
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-spatial-extras\7.1.0\3f1bc1aada8f06b176b782da24b9d7ad9641c41a\lucene-spatial-extras-7.1.0.jar
MD5: 2963d683f65675c64dc53d2c7879cd9e
SHA1: 3f1bc1aada8f06b176b782da24b9d7ad9641c41a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor jar package name spatial Low
Vendor pom description Advanced Spatial Shape Strategies for Apache Lucene Medium
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom name Lucene Spatial Extras High
Vendor pom parent-groupid org.apache.lucene Medium
Vendor pom artifactid lucene-spatial-extras Low
Vendor jar package name lucene Low
Vendor file name lucene-spatial-extras High
Product Manifest extension-name org.apache.lucene Medium
Product pom groupid apache.lucene Low
Product central artifactid lucene-spatial-extras Highest
Product Manifest Implementation-Title org.apache.lucene High
Product jar package name spatial Low
Product pom artifactid lucene-spatial-extras Highest
Product Manifest specification-title Lucene Search Engine: spatial-extras Medium
Product pom description Advanced Spatial Shape Strategies for Apache Lucene Medium
Product pom name Lucene Spatial Extras High
Product gradle artifactid lucene-spatial-extras Highest
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product file name lucene-spatial-extras High
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-spatial3d-7.1.0.jar
Description:
Lucene Spatial shapes implemented using 3D planar geometry
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-spatial3d\7.1.0\8ded650aed23efb775f17be496e3e3870214e23b\lucene-spatial3d-7.1.0.jar
MD5: 7099b53ac62fef4abc98897b2a2432ac
SHA1: 8ded650aed23efb775f17be496e3e3870214e23b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor pom description Lucene Spatial shapes implemented using 3D planar geometry Medium
Vendor jar package name spatial3d Low
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom artifactid lucene-spatial3d Low
Vendor file name lucene-spatial3d High
Vendor gradle groupid org.apache.lucene Highest
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name lucene Low
Vendor pom name Lucene Spatial 3D High
Product Manifest extension-name org.apache.lucene Medium
Product pom description Lucene Spatial shapes implemented using 3D planar geometry Medium
Product jar package name spatial3d Low
Product gradle artifactid lucene-spatial3d Highest
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product file name lucene-spatial3d High
Product jar package name geom Low
Product Manifest specification-title Lucene Search Engine: spatial3d Medium
Product central artifactid lucene-spatial3d Highest
Product pom artifactid lucene-spatial3d Highest
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom parent-groupid org.apache.lucene Low
Product pom name Lucene Spatial 3D High
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
lucene-suggest-7.1.0.jar
Description: Lucene Suggest Module
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.lucene\lucene-suggest\7.1.0\8d0ed1589ebdccf34e888c6efc0134a13a238c85\lucene-suggest-7.1.0.jar
MD5: f7c96c4ef1a88527c188e3c064c8e34d
SHA1: 8d0ed1589ebdccf34e888c6efc0134a13a238c85
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.lucene Medium
Vendor jar package name search Low
Vendor jar package name apache Low
Vendor pom description Lucene Suggest Module Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.lucene Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.lucene Highest
Vendor file name lucene-suggest High
Vendor pom name Lucene Suggest High
Vendor pom artifactid lucene-suggest Low
Vendor pom groupid apache.lucene Highest
Vendor pom parent-artifactid lucene-parent Low
Vendor pom parent-groupid org.apache.lucene Medium
Vendor jar package name lucene Low
Product Manifest extension-name org.apache.lucene Medium
Product jar package name search Low
Product pom description Lucene Suggest Module Medium
Product pom groupid apache.lucene Low
Product Manifest Implementation-Title org.apache.lucene High
Product gradle artifactid lucene-suggest Highest
Product file name lucene-suggest High
Product Manifest specification-title Lucene Search Engine: suggest Medium
Product pom name Lucene Suggest High
Product jar package name suggest Low
Product central artifactid lucene-suggest Highest
Product pom parent-artifactid lucene-parent Medium
Product jar package name lucene Low
Product pom artifactid lucene-suggest Highest
Product pom parent-groupid org.apache.lucene Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
solr-solrj-7.1.0.jar
Description: Apache Solr Solrj
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.solr\solr-solrj\7.1.0\c5bf57d39ca250daba668720e38abec2caab3569\solr-solrj-7.1.0.jar
MD5: 8dbb997db36ccfe1fc4ec278d4350fac
SHA1: c5bf57d39ca250daba668720e38abec2caab3569
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest extension-name org.apache.solr Medium
Vendor pom description Apache Solr Solrj Medium
Vendor file name solr-solrj High
Vendor pom name Apache Solr Solrj High
Vendor jar package name apache Low
Vendor pom artifactid solr-solrj Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor central groupid org.apache.solr Highest
Vendor jar package name client Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.solr Highest
Vendor pom groupid apache.solr Highest
Vendor pom parent-artifactid solr-parent Low
Vendor jar package name solr Low
Vendor pom parent-groupid org.apache.solr Medium
Product Manifest extension-name org.apache.solr Medium
Product pom description Apache Solr Solrj Medium
Product file name solr-solrj High
Product pom name Apache Solr Solrj High
Product gradle artifactid solr-solrj Highest
Product jar package name client Low
Product pom parent-artifactid solr-parent Medium
Product Manifest Implementation-Title org.apache.solr High
Product jar package name solrj Low
Product jar package name solr Low
Product pom artifactid solr-solrj Highest
Product central artifactid solr-solrj Highest
Product pom groupid apache.solr Low
Product Manifest specification-title Apache Solr Search Server: solr-solrj Medium
Product pom parent-groupid org.apache.solr Low
Version pom version 7.1.0 Highest
Version file version 7.1.0 Highest
Version central version 7.1.0 Highest
hppc-0.7.1.jar
Description: High Performance Primitive Collections.
Fundamental data structures (maps, sets, lists, stacks, queues) generated for
combinations of object and primitive types to conserve JVM memory and speed
up execution.
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.carrotsearch\hppc\0.7.1\8b5057f74ea378c0150a1860874a3ebdcb713767\hppc-0.7.1.jar
MD5: 2ff89be5b49144c330190cf7137c3a26
SHA1: 8b5057f74ea378c0150a1860874a3ebdcb713767
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid com.carrotsearch Highest
Vendor file name hppc High
Vendor pom parent-artifactid hppc-parent Low
Vendor jar package name hppc Low
Vendor jar package name carrotsearch Low
Vendor pom parent-groupid com.carrotsearch Medium
Vendor pom name HPPC Collections High
Vendor pom description High Performance Primitive Collections. Fundamental data structures (maps, sets, lists, stacks, queues) generated for combinations of object and primitive types to conserve JVM memory and speed up execution. Low
Vendor pom groupid carrotsearch Highest
Vendor pom artifactid hppc Low
Vendor central groupid com.carrotsearch Highest
Product file name hppc High
Product pom artifactid hppc Highest
Product pom groupid carrotsearch Low
Product jar package name hppc Low
Product pom name HPPC Collections High
Product pom description High Performance Primitive Collections. Fundamental data structures (maps, sets, lists, stacks, queues) generated for combinations of object and primitive types to conserve JVM memory and speed up execution. Low
Product central artifactid hppc Highest
Product pom parent-groupid com.carrotsearch Low
Product gradle artifactid hppc Highest
Product pom parent-artifactid hppc-parent Medium
Version central version 0.7.1 Highest
Version file version 0.7.1 Highest
Version pom version 0.7.1 Highest
jackson-dataformat-smile-2.5.4.jar
Description: Support for reading and writing Smile ("binary JSON")
encoded data using Jackson abstractions (streaming API, data binding,
tree model)
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.dataformat\jackson-dataformat-smile\2.5.4\db0c5f1b6e16cb5f5e0505abfcd4b36f3e8bfdc6\jackson-dataformat-smile-2.5.4.jar
MD5: a3868ca8efddfec575b139f574e21dc2
SHA1: db0c5f1b6e16cb5f5e0505abfcd4b36f3e8bfdc6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-smile Medium
Vendor gradle groupid com.fasterxml.jackson.dataformat Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor FasterXML High
Vendor file name jackson-dataformat-smile High
Vendor Manifest specification-vendor FasterXML Low
Vendor Manifest implementation-build-date 2015-06-09 22:10:49-0700 Low
Vendor central groupid com.fasterxml.jackson.dataformat Highest
Vendor pom artifactid jackson-dataformat-smile Low
Vendor pom url http://wiki.fasterxml.com/JacksonForSmile Highest
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor pom parent-artifactid jackson-parent Low
Vendor pom name Jackson-dataformat-Smile High
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium
Vendor pom description Support for reading and writing Smile ("binary JSON") encoded data using Jackson abstractions (streaming API, data binding, tree model) Low
Vendor manifest Bundle-Description Support for reading and writing Smile ("binary JSON")encoded data using Jackson abstractions (streaming API, data binding,tree model) Low
Vendor Manifest bundle-docurl http://wiki.fasterxml.com/JacksonForSmile Low
Vendor pom groupid fasterxml.jackson.dataformat Highest
Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-smile Medium
Product pom groupid fasterxml.jackson.dataformat Low
Product gradle artifactid jackson-dataformat-smile Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product file name jackson-dataformat-smile High
Product pom parent-artifactid jackson-parent Medium
Product Manifest implementation-build-date 2015-06-09 22:10:49-0700 Low
Product Manifest specification-title Jackson-dataformat-Smile Medium
Product central artifactid jackson-dataformat-smile Highest
Product pom name Jackson-dataformat-Smile High
Product pom artifactid jackson-dataformat-smile Highest
Product Manifest Bundle-Name Jackson-dataformat-Smile Medium
Product pom parent-groupid com.fasterxml.jackson Low
Product pom description Support for reading and writing Smile ("binary JSON") encoded data using Jackson abstractions (streaming API, data binding, tree model) Low
Product manifest Bundle-Description Support for reading and writing Smile ("binary JSON")encoded data using Jackson abstractions (streaming API, data binding,tree model) Low
Product Manifest Implementation-Title Jackson-dataformat-Smile High
Product pom url http://wiki.fasterxml.com/JacksonForSmile Medium
Product Manifest bundle-docurl http://wiki.fasterxml.com/JacksonForSmile Low
Version Manifest Implementation-Version 2.5.4 High
Version file version 2.5.4 Highest
Version pom version 2.5.4 Highest
Version central version 2.5.4 Highest
caffeine-2.4.0.jar
Description: A high performance caching library for Java 8+
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.github.ben-manes.caffeine\caffeine\2.4.0\5aa8bbb851b1ad403cc140094ba4a25998369efe\caffeine-2.4.0.jar
MD5: 88d83922414143f7c3c1d12b83ca4d7b
SHA1: 5aa8bbb851b1ad403cc140094ba4a25998369efe
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium
Vendor pom name Caffeine cache High
Vendor pom url ben-manes/caffeine Highest
Vendor central groupid com.github.ben-manes.caffeine Highest
Vendor pom groupid github.ben-manes.caffeine Highest
Vendor jar package name github Low
Vendor file name caffeine High
Vendor jar package name caffeine Low
Vendor pom description A high performance caching library for Java 8+ Medium
Vendor jar package name benmanes Low
Vendor pom artifactid caffeine Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor gradle groupid com.github.ben-manes.caffeine Highest
Product pom groupid github.ben-manes.caffeine Low
Product gradle artifactid caffeine Highest
Product Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium
Product pom name Caffeine cache High
Product central artifactid caffeine Highest
Product pom url ben-manes/caffeine High
Product file name caffeine High
Product pom artifactid caffeine Highest
Product jar package name cache Low
Product jar package name caffeine Low
Product pom description A high performance caching library for Java 8+ Medium
Product jar package name benmanes Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product Manifest Bundle-Name com.github.ben-manes.caffeine Medium
Version file version 2.4.0 Highest
Version pom version 2.4.0 Highest
Version central version 2.4.0 Highest
t-digest-3.1.jar
Description: Data structure which allows accurate estimation of quantiles and related rank statistics
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.tdunning\t-digest\3.1\451ed219688aed5821a789428fd5e10426d11312\t-digest-3.1.jar
MD5: ba0c00142170b71bd3ae17d2d7e4e38b
SHA1: 451ed219688aed5821a789428fd5e10426d11312
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name T-Digest High
Vendor gradle groupid com.tdunning Highest
Vendor central groupid com.tdunning Highest
Vendor pom description Data structure which allows accurate estimation of quantiles and related rank statistics Medium
Vendor jar package name math Low
Vendor pom groupid tdunning Highest
Vendor pom url tdunning/t-digest Highest
Vendor pom artifactid t-digest Low
Vendor jar package name tdunning Low
Vendor file name t-digest High
Vendor jar package name stats Low
Product pom name T-Digest High
Product central artifactid t-digest Highest
Product pom description Data structure which allows accurate estimation of quantiles and related rank statistics Medium
Product jar package name math Low
Product gradle artifactid t-digest Highest
Product pom url tdunning/t-digest High
Product file name t-digest High
Product pom groupid tdunning Low
Product pom artifactid t-digest Highest
Product jar package name stats Low
Version file version 3.1 Highest
Version pom version 3.1 Highest
Version central version 3.1 Highest
dom4j-1.6.1.jar
Description: dom4j: the flexible XML framework for Java
File Path: Z:\Gradle\caches\modules-2\files-2.1\dom4j\dom4j\1.6.1\5d3ccc056b6f056dbf0dddfdf43894b9065a8f94\dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid dom4j Highest
Vendor pom organization url http://sourceforge.net/projects/dom4j Medium
Vendor pom name dom4j High
Vendor Manifest specification-vendor MetaStuff Ltd. Low
Vendor pom url http://dom4j.org Highest
Vendor pom artifactid dom4j Low
Vendor jar package name dom4j Low
Vendor file name dom4j High
Vendor pom groupid dom4j Highest
Vendor Manifest Implementation-Vendor MetaStuff Ltd. High
Vendor central groupid dom4j Highest
Vendor pom organization name MetaStuff Ltd. High
Vendor pom description dom4j: the flexible XML framework for Java Medium
Vendor Manifest extension-name dom4j Medium
Product pom groupid dom4j Low
Product central artifactid dom4j Highest
Product pom name dom4j High
Product Manifest specification-title dom4j : XML framework for Java Medium
Product gradle artifactid dom4j Highest
Product Manifest Implementation-Title org.dom4j High
Product file name dom4j High
Product pom organization url http://sourceforge.net/projects/dom4j Low
Product pom url http://dom4j.org Medium
Product pom description dom4j: the flexible XML framework for Java Medium
Product pom artifactid dom4j Highest
Product pom organization name MetaStuff Ltd. Low
Product Manifest extension-name dom4j Medium
Version central version 1.6.1 Highest
Version pom version 1.6.1 Highest
Version Manifest Implementation-Version 1.6.1 High
Version file version 1.6.1 Highest
gmetric4j-1.0.7.jar
Description: JVM instrumentation to Ganglia
License:
The MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\info.ganglia.gmetric4j\gmetric4j\1.0.7\37a1cb0d8821cad9bd33f1ce454459fed18efa44\gmetric4j-1.0.7.jar
MD5: ae36017546569c0312ba11f7b8c369c3
SHA1: 37a1cb0d8821cad9bd33f1ce454459fed18efa44
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name gmetric4j Low
Vendor file name gmetric4j High
Vendor jar package name ganglia Low
Vendor pom artifactid gmetric4j Low
Vendor pom description JVM instrumentation to Ganglia Medium
Vendor jar package name info Low
Vendor pom groupid info.ganglia.gmetric4j Highest
Vendor gradle groupid info.ganglia.gmetric4j Highest
Vendor pom url http://github.com/ganglia/gmetric4j Highest
Vendor pom name gmetric4j High
Vendor central groupid info.ganglia.gmetric4j Highest
Product jar package name gmetric4j Low
Product file name gmetric4j High
Product jar package name ganglia Low
Product pom description JVM instrumentation to Ganglia Medium
Product gradle artifactid gmetric4j Highest
Product pom url http://github.com/ganglia/gmetric4j Medium
Product pom artifactid gmetric4j Highest
Product jar package name xdr Low
Product central artifactid gmetric4j Highest
Product pom groupid info.ganglia.gmetric4j Low
Product pom name gmetric4j High
Version pom version 1.0.7 Highest
Version file version 1.0.7 Highest
Version central version 1.0.7 Highest
metrics-core-3.2.2.jar
Description:
Metrics is a Java library which gives you unparalleled insight into what your code does in
production. Metrics provides a powerful toolkit of ways to measure the behavior of critical
components in your production environment.
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-core\3.2.2\cd9886f498ee2ab2d994f0c779e5553b2c450416\metrics-core-3.2.2.jar
MD5: da529999d5083e800829eaab432a8a54
SHA1: cd9886f498ee2ab2d994f0c779e5553b2c450416
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id io.dropwizard.metrics Medium
Vendor pom name Metrics Core High
Vendor central groupid io.dropwizard.metrics Highest
Vendor Manifest bundle-symbolicname io.dropwizard.metrics.core Medium
Vendor pom parent-artifactid metrics-parent Low
Vendor pom description Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment. Low
Vendor gradle groupid io.dropwizard.metrics Highest
Vendor file name metrics-core High
Vendor pom groupid io.dropwizard.metrics Highest
Vendor pom artifactid metrics-core Low
Vendor manifest Bundle-Description Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment. Low
Product Manifest bundle-symbolicname io.dropwizard.metrics.core Medium
Product Manifest Bundle-Name Metrics Core Medium
Product pom artifactid metrics-core Highest
Product pom description Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment. Low
Product Manifest Implementation-Title Metrics Core High
Product file name metrics-core High
Product pom parent-artifactid metrics-parent Medium
Product pom name Metrics Core High
Product gradle artifactid metrics-core Highest
Product pom groupid io.dropwizard.metrics Low
Product manifest Bundle-Description Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment. Low
Product central artifactid metrics-core Highest
Version central version 3.2.2 Highest
Version file version 3.2.2 Highest
Version pom version 3.2.2 Highest
Version Manifest Implementation-Version 3.2.2 High
metrics-ganglia-3.2.2.jar
Description:
A reporter for Metrics which announces measurements to a Ganglia cluster.
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-ganglia\3.2.2\d5bb1883e9b0daf0e4187e558746f5058f4585c1\metrics-ganglia-3.2.2.jar
MD5: 6998771417e4efe002eaa0f82bd939fb
SHA1: d5bb1883e9b0daf0e4187e558746f5058f4585c1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name Ganglia Integration for Metrics High
Vendor Manifest Implementation-Vendor-Id io.dropwizard.metrics Medium
Vendor central groupid io.dropwizard.metrics Highest
Vendor pom artifactid metrics-ganglia Low
Vendor pom parent-artifactid metrics-parent Low
Vendor file name metrics-ganglia High
Vendor manifest Bundle-Description A reporter for Metrics which announces measurements to a Ganglia cluster. Medium
Vendor gradle groupid io.dropwizard.metrics Highest
Vendor pom groupid io.dropwizard.metrics Highest
Vendor Manifest bundle-symbolicname io.dropwizard.metrics.ganglia Medium
Vendor pom description A reporter for Metrics which announces measurements to a Ganglia cluster. Medium
Product gradle artifactid metrics-ganglia Highest
Product file name metrics-ganglia High
Product Manifest bundle-symbolicname io.dropwizard.metrics.ganglia Medium
Product pom description A reporter for Metrics which announces measurements to a Ganglia cluster. Medium
Product pom name Ganglia Integration for Metrics High
Product pom parent-artifactid metrics-parent Medium
Product pom artifactid metrics-ganglia Highest
Product Manifest Implementation-Title Ganglia Integration for Metrics High
Product pom groupid io.dropwizard.metrics Low
Product manifest Bundle-Description A reporter for Metrics which announces measurements to a Ganglia cluster. Medium
Product central artifactid metrics-ganglia Highest
Product Manifest Bundle-Name Ganglia Integration for Metrics Medium
Version central version 3.2.2 Highest
Version file version 3.2.2 Highest
Version pom version 3.2.2 Highest
Version Manifest Implementation-Version 3.2.2 High
metrics-graphite-3.2.2.jar
Description:
A reporter for Metrics which announces measurements to a Graphite server.
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-graphite\3.2.2\908e8cbec1bbdb2f4023334e424c7de2832a95af\metrics-graphite-3.2.2.jar
MD5: ba2f49e74fbfbdbb36045755684f896e
SHA1: 908e8cbec1bbdb2f4023334e424c7de2832a95af
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name metrics-graphite High
Vendor Manifest Implementation-Vendor-Id io.dropwizard.metrics Medium
Vendor central groupid io.dropwizard.metrics Highest
Vendor pom parent-artifactid metrics-parent Low
Vendor manifest Bundle-Description A reporter for Metrics which announces measurements to a Graphite server. Medium
Vendor Manifest bundle-symbolicname io.dropwizard.metrics.graphite Medium
Vendor pom artifactid metrics-graphite Low
Vendor gradle groupid io.dropwizard.metrics Highest
Vendor pom name Graphite Integration for Metrics High
Vendor pom groupid io.dropwizard.metrics Highest
Vendor pom description A reporter for Metrics which announces measurements to a Graphite server. Medium
Product file name metrics-graphite High
Product Manifest bundle-symbolicname io.dropwizard.metrics.graphite Medium
Product central artifactid metrics-graphite Highest
Product pom description A reporter for Metrics which announces measurements to a Graphite server. Medium
Product gradle artifactid metrics-graphite Highest
Product pom parent-artifactid metrics-parent Medium
Product Manifest Implementation-Title Graphite Integration for Metrics High
Product manifest Bundle-Description A reporter for Metrics which announces measurements to a Graphite server. Medium
Product pom groupid io.dropwizard.metrics Low
Product pom name Graphite Integration for Metrics High
Product pom artifactid metrics-graphite Highest
Product Manifest Bundle-Name Graphite Integration for Metrics Medium
Version central version 3.2.2 Highest
Version file version 3.2.2 Highest
Version pom version 3.2.2 Highest
Version Manifest Implementation-Version 3.2.2 High
metrics-jetty9-3.2.2.jar
Description:
A set of extensions for Jetty 9.1 and higher which provide instrumentation of thread pools, connector
metrics, and application latency and utilization.
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-jetty9\3.2.2\3fc94d99f41dc3f5be5483c81828138104df4449\metrics-jetty9-3.2.2.jar
MD5: 42a436bbd0e679c9e1737ab7bf5dcf75
SHA1: 3fc94d99f41dc3f5be5483c81828138104df4449
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid metrics-jetty9 Low
Vendor Manifest Implementation-Vendor-Id io.dropwizard.metrics Medium
Vendor Manifest bundle-symbolicname io.dropwizard.metrics.jetty9 Medium
Vendor central groupid io.dropwizard.metrics Highest
Vendor pom parent-artifactid metrics-parent Low
Vendor pom name Metrics Integration for Jetty 9.1 and higher High
Vendor file name metrics-jetty9 High
Vendor manifest Bundle-Description A set of extensions for Jetty 9.1 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization. Low
Vendor gradle groupid io.dropwizard.metrics Highest
Vendor pom groupid io.dropwizard.metrics Highest
Vendor pom description A set of extensions for Jetty 9.1 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization. Low
Product pom artifactid metrics-jetty9 Highest
Product Manifest bundle-symbolicname io.dropwizard.metrics.jetty9 Medium
Product pom name Metrics Integration for Jetty 9.1 and higher High
Product pom parent-artifactid metrics-parent Medium
Product gradle artifactid metrics-jetty9 Highest
Product file name metrics-jetty9 High
Product manifest Bundle-Description A set of extensions for Jetty 9.1 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization. Low
Product pom groupid io.dropwizard.metrics Low
Product Manifest Bundle-Name Metrics Integration for Jetty 9.1 and higher Medium
Product central artifactid metrics-jetty9 Highest
Product Manifest Implementation-Title Metrics Integration for Jetty 9.1 and higher High
Product pom description A set of extensions for Jetty 9.1 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization. Low
Version central version 3.2.2 Highest
Version file version 3.2.2 Highest
Version pom version 3.2.2 Highest
Version Manifest Implementation-Version 3.2.2 High
metrics-jvm-3.2.2.jar
Description:
A set of classes which allow you to monitor critical aspects of your Java Virtual Machine
using Metrics.
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\io.dropwizard.metrics\metrics-jvm\3.2.2\9cbf2030242f7ffb97fae23f8a81421eb8d4ad45\metrics-jvm-3.2.2.jar
MD5: 628535c45f493ea53527258e1ddbfe8b
SHA1: 9cbf2030242f7ffb97fae23f8a81421eb8d4ad45
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics. Low
Vendor Manifest Implementation-Vendor-Id io.dropwizard.metrics Medium
Vendor pom name JVM Integration for Metrics High
Vendor central groupid io.dropwizard.metrics Highest
Vendor pom parent-artifactid metrics-parent Low
Vendor pom artifactid metrics-jvm Low
Vendor gradle groupid io.dropwizard.metrics Highest
Vendor file name metrics-jvm High
Vendor pom groupid io.dropwizard.metrics Highest
Vendor Manifest bundle-symbolicname io.dropwizard.metrics.jvm Medium
Vendor pom description A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics. Low
Product central artifactid metrics-jvm Highest
Product Manifest Implementation-Title JVM Integration for Metrics High
Product file name metrics-jvm High
Product Manifest bundle-symbolicname io.dropwizard.metrics.jvm Medium
Product gradle artifactid metrics-jvm Highest
Product manifest Bundle-Description A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics. Low
Product pom parent-artifactid metrics-parent Medium
Product pom name JVM Integration for Metrics High
Product pom groupid io.dropwizard.metrics Low
Product pom artifactid metrics-jvm Highest
Product Manifest Bundle-Name JVM Integration for Metrics Medium
Product pom description A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics. Low
Version central version 3.2.2 Highest
Version file version 3.2.2 Highest
Version pom version 3.2.2 Highest
Version Manifest Implementation-Version 3.2.2 High
eigenbase-properties-1.1.5.jar
Description: Type-safe access to Java system properties
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.hydromatic\eigenbase-properties\1.1.5\a941956b3a4664d0cf728ece06ba25cc2110a3aa\eigenbase-properties-1.1.5.jar
MD5: 74250b1aa57ff13507bf28c09e5299eb
SHA1: a941956b3a4664d0cf728ece06ba25cc2110a3aa
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description Type-safe access to Java system properties Medium
Vendor pom url http://github.com/julianhyde/eigenbase-properties Highest
Vendor pom organization name Julian Hyde High
Vendor gradle groupid net.hydromatic Highest
Vendor Manifest bundle-symbolicname net.hydromatic.eigenbase-properties Medium
Vendor central groupid net.hydromatic Highest
Vendor manifest Bundle-Description Type-safe access to Java system properties Medium
Vendor pom name eigenbase-properties High
Vendor Manifest bundle-docurl http://www.hydromatic.net Low
Vendor pom parent-artifactid parent Low
Vendor pom artifactid eigenbase-properties Low
Vendor file name eigenbase-properties High
Vendor pom groupid net.hydromatic Highest
Vendor pom organization url http://www.hydromatic.net Medium
Product pom description Type-safe access to Java system properties Medium
Product pom organization url http://www.hydromatic.net Low
Product pom organization name Julian Hyde Low
Product gradle artifactid eigenbase-properties Highest
Product pom artifactid eigenbase-properties Highest
Product pom groupid net.hydromatic Low
Product Manifest Bundle-Name eigenbase-properties Medium
Product central artifactid eigenbase-properties Highest
Product Manifest bundle-symbolicname net.hydromatic.eigenbase-properties Medium
Product pom parent-artifactid parent Medium
Product manifest Bundle-Description Type-safe access to Java system properties Medium
Product pom name eigenbase-properties High
Product Manifest bundle-docurl http://www.hydromatic.net Low
Product pom url http://github.com/julianhyde/eigenbase-properties Medium
Product file name eigenbase-properties High
Version pom version 1.1.5 Highest
Version central version 1.1.5 Highest
Version file version 1.1.5 Highest
antlr4-runtime-4.5.1-1.jar
Description: The ANTLR 4 Runtime
License:
http://www.antlr.org/license.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.antlr\antlr4-runtime\4.5.1-1\66144204f9d6d7d3f3f775622c2dd7e9bd511d97\antlr4-runtime-4.5.1-1.jar
MD5: c57e3c5fd251603e1d815ec1d6fde69b
SHA1: 66144204f9d6d7d3f3f775622c2dd7e9bd511d97
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.antlr Medium
Vendor Manifest bundle-docurl http://www.antlr.org Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom artifactid antlr4-runtime Low
Vendor Manifest Implementation-Vendor-Id org.antlr Medium
Vendor pom description The ANTLR 4 Runtime Medium
Vendor pom name ANTLR 4 Runtime High
Vendor file name antlr4-runtime High
Vendor central groupid org.antlr Highest
Vendor Manifest bundle-symbolicname org.antlr.antlr4-runtime-osgi Medium
Vendor Manifest Implementation-Vendor ANTLR High
Vendor gradle groupid org.antlr Highest
Vendor pom parent-artifactid antlr4-master Low
Vendor manifest Bundle-Description The ANTLR 4 Runtime Medium
Vendor pom groupid antlr Highest
Product central artifactid antlr4-runtime Highest
Product Manifest bundle-docurl http://www.antlr.org Low
Product pom parent-groupid org.antlr Low
Product gradle artifactid antlr4-runtime Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest Implementation-Title ANTLR 4 Runtime High
Product pom groupid antlr Low
Product pom description The ANTLR 4 Runtime Medium
Product pom name ANTLR 4 Runtime High
Product file name antlr4-runtime High
Product Manifest Bundle-Name ANTLR 4 Runtime Medium
Product Manifest bundle-symbolicname org.antlr.antlr4-runtime-osgi Medium
Product pom artifactid antlr4-runtime Highest
Product manifest Bundle-Description The ANTLR 4 Runtime Medium
Product pom parent-artifactid antlr4-master Medium
Version file version 4.5.1.1 Highest
Version central version 4.5.1-1 Highest
Version pom version 4.5.1-1 Highest
Version Manifest Implementation-Version 4.5.1-1 High
calcite-core-1.13.0.jar
Description: Core Calcite APIs and engine.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.calcite\calcite-core\1.13.0\1e7995aa0afe4c27a12e7b320a2938dcf05d9581\calcite-core-1.13.0.jar
MD5: 29b1ddb56d998c4503737088f49074e7
SHA1: 1e7995aa0afe4c27a12e7b320a2938dcf05d9581
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.calcite Highest
Vendor pom parent-groupid org.apache.calcite Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom name Calcite Core High
Vendor pom parent-artifactid calcite Low
Vendor central groupid org.apache.calcite Highest
Vendor Manifest Implementation-Vendor-Id org.apache.calcite Medium
Vendor pom description Core Calcite APIs and engine. Medium
Vendor pom groupid apache.calcite Highest
Vendor pom artifactid calcite-core Low
Vendor file name calcite-core High
Vendor Manifest implementation-url https://calcite.apache.org/calcite-core Low
Product pom parent-groupid org.apache.calcite Low
Product pom groupid apache.calcite Low
Product pom parent-artifactid calcite Medium
Product pom artifactid calcite-core Highest
Product pom name Calcite Core High
Product Manifest Implementation-Title Calcite Core High
Product pom description Core Calcite APIs and engine. Medium
Product central artifactid calcite-core Highest
Product Manifest specification-title Calcite Core Medium
Product gradle artifactid calcite-core Highest
Product file name calcite-core High
Product Manifest implementation-url https://calcite.apache.org/calcite-core Low
Version Manifest Implementation-Version 1.13.0 High
Version pom version 1.13.0 Highest
Version file version 1.13.0 Highest
Version central version 1.13.0 Highest
calcite-linq4j-1.13.0.jar
Description: Calcite APIs for LINQ (Language-Integrated Query) in Java
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.calcite\calcite-linq4j\1.13.0\96c814d27516cf48d439277300252bfb2b00486f\calcite-linq4j-1.13.0.jar
MD5: 6537b031565b9c7f0dea69953f93e0d6
SHA1: 96c814d27516cf48d439277300252bfb2b00486f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-url https://calcite.apache.org/calcite-linq4j Low
Vendor pom description Calcite APIs for LINQ (Language-Integrated Query) in Java Medium
Vendor gradle groupid org.apache.calcite Highest
Vendor pom parent-groupid org.apache.calcite Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor file name calcite-linq4j High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom artifactid calcite-linq4j Low
Vendor pom parent-artifactid calcite Low
Vendor central groupid org.apache.calcite Highest
Vendor Manifest Implementation-Vendor-Id org.apache.calcite Medium
Vendor pom name Calcite Linq4j High
Vendor pom groupid apache.calcite Highest
Product pom parent-groupid org.apache.calcite Low
Product Manifest Implementation-Title Calcite Linq4j High
Product Manifest implementation-url https://calcite.apache.org/calcite-linq4j Low
Product pom description Calcite APIs for LINQ (Language-Integrated Query) in Java Medium
Product file name calcite-linq4j High
Product Manifest specification-title Calcite Linq4j Medium
Product pom artifactid calcite-linq4j Highest
Product pom groupid apache.calcite Low
Product pom parent-artifactid calcite Medium
Product pom name Calcite Linq4j High
Product gradle artifactid calcite-linq4j Highest
Product central artifactid calcite-linq4j Highest
Version Manifest Implementation-Version 1.13.0 High
Version pom version 1.13.0 Highest
Version file version 1.13.0 Highest
Version central version 1.13.0 Highest
avatica-core-1.10.0.jar
Description: JDBC driver framework.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.calcite.avatica\avatica-core\1.10.0\82280b09d490c7e4981b5af2d79fcf55efbe6144\avatica-core-1.10.0.jar
MD5: de761b429df2ea4988155ba48fb8c225
SHA1: 82280b09d490c7e4981b5af2d79fcf55efbe6144
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.apache.calcite.avatica Highest
Vendor Manifest Implementation-Vendor-Id org.apache.calcite.avatica Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom parent-artifactid avatica-parent Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description JDBC driver framework. Medium
Vendor pom parent-groupid org.apache.calcite.avatica Medium
Vendor file name avatica-core High
Vendor pom artifactid avatica-core Low
Vendor pom name Apache Calcite Avatica High
Vendor Manifest implementation-url https://calcite.apache.org/avatica/shaded/avatica-core Low
Vendor pom groupid apache.calcite.avatica Highest
Vendor gradle groupid org.apache.calcite.avatica Highest
Product pom artifactid avatica-core Highest
Product central artifactid avatica-core Highest
Product pom parent-artifactid avatica-parent Medium
Product pom description JDBC driver framework. Medium
Product pom groupid apache.calcite.avatica Low
Product pom parent-groupid org.apache.calcite.avatica Low
Product file name avatica-core High
Product Manifest specification-title Apache Calcite Avatica Medium
Product pom name Apache Calcite Avatica High
Product gradle artifactid avatica-core Highest
Product Manifest Implementation-Title Apache Calcite Avatica High
Product Manifest implementation-url https://calcite.apache.org/avatica/shaded/avatica-core Low
Version Manifest Implementation-Version 1.10.0 High
Version central version 1.10.0 Highest
Version pom version 1.10.0 Highest
Version file version 1.10.0 Highest
commons-lang3-3.6.jar
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.commons\commons-lang3\3.6\9d28a6b23650e8a7e9063c04588ace6cf7012c17\commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low
Vendor pom description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom groupid apache.commons Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low
Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest
Vendor central groupid org.apache.commons Highest
Vendor pom artifactid commons-lang3 Low
Vendor pom parent-artifactid commons-parent Low
Vendor pom name Apache Commons Lang High
Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor manifest Bundle-Description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Vendor file name commons-lang3 High
Vendor gradle groupid org.apache.commons Highest
Product pom parent-groupid org.apache.commons Low
Product pom artifactid commons-lang3 Highest
Product pom url http://commons.apache.org/proper/commons-lang/ Medium
Product central artifactid commons-lang3 Highest
Product Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low
Product pom description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Product Manifest automatic-module-name org.apache.commons.lang3 Medium
Product Manifest Bundle-Name Apache Commons Lang Medium
Product Manifest Implementation-Title Apache Commons Lang High
Product Manifest specification-title Apache Commons Lang Medium
Product pom parent-artifactid commons-parent Medium
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low
Product pom name Apache Commons Lang High
Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product pom groupid apache.commons Low
Product manifest Bundle-Description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low
Product file name commons-lang3 High
Product gradle artifactid commons-lang3 Highest
Version central version 3.6 Highest
Version file version 3.6 Highest
Version pom version 3.6 Highest
Version Manifest Implementation-Version 3.6 High
curator-client-2.8.0.jar
Description: Low-level API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.curator\curator-client\2.8.0\84feebaa8526f4984566f6a32f55d7689800acf9\curator-client-2.8.0.jar
MD5: c9092076fe5ede652f89465d6a859dfa
SHA1: 84feebaa8526f4984566f6a32f55d7689800acf9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.curator Highest
Vendor manifest Bundle-Description Low-level API Medium
Vendor pom artifactid curator-client Low
Vendor central groupid org.apache.curator Highest
Vendor Manifest bundle-docurl http://www.apache.org/ Low
Vendor file name curator-client High
Vendor pom parent-groupid org.apache.curator Medium
Vendor pom description Low-level API Medium
Vendor pom parent-artifactid apache-curator Low
Vendor Manifest bundle-symbolicname curator-client Medium
Vendor pom groupid apache.curator Highest
Vendor pom name Curator Client High
Product pom groupid apache.curator Low
Product central artifactid curator-client Highest
Product manifest Bundle-Description Low-level API Medium
Product pom parent-artifactid apache-curator Medium
Product gradle artifactid curator-client Highest
Product Manifest bundle-docurl http://www.apache.org/ Low
Product file name curator-client High
Product pom description Low-level API Medium
Product pom artifactid curator-client Highest
Product pom parent-groupid org.apache.curator Low
Product Manifest bundle-symbolicname curator-client Medium
Product pom name Curator Client High
Product Manifest Bundle-Name Curator Client Medium
Version pom version 2.8.0 Highest
Version file version 2.8.0 Highest
Version central version 2.8.0 Highest
curator-framework-2.8.0.jar
Description: High-level API that greatly simplifies using ZooKeeper.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.curator\curator-framework\2.8.0\f8edc9156084ad19ae50ae5958bf218a08351834\curator-framework-2.8.0.jar
MD5: 1ef0e8c00272ceba66741ee16773c5cd
SHA1: f8edc9156084ad19ae50ae5958bf218a08351834
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.curator Highest
Vendor manifest Bundle-Description High-level API that greatly simplifies using ZooKeeper. Medium
Vendor pom artifactid curator-framework Low
Vendor central groupid org.apache.curator Highest
Vendor pom name Curator Framework High
Vendor Manifest bundle-docurl http://www.apache.org/ Low
Vendor Manifest bundle-symbolicname curator-framework Medium
Vendor pom description High-level API that greatly simplifies using ZooKeeper. Medium
Vendor pom parent-groupid org.apache.curator Medium
Vendor pom parent-artifactid apache-curator Low
Vendor file name curator-framework High
Vendor pom groupid apache.curator Highest
Product manifest Bundle-Description High-level API that greatly simplifies using ZooKeeper. Medium
Product pom groupid apache.curator Low
Product pom parent-artifactid apache-curator Medium
Product pom artifactid curator-framework Highest
Product pom name Curator Framework High
Product Manifest Bundle-Name Curator Framework Medium
Product Manifest bundle-docurl http://www.apache.org/ Low
Product Manifest bundle-symbolicname curator-framework Medium
Product central artifactid curator-framework Highest
Product pom description High-level API that greatly simplifies using ZooKeeper. Medium
Product file name curator-framework High
Product pom parent-groupid org.apache.curator Low
Product gradle artifactid curator-framework Highest
Version pom version 2.8.0 Highest
Version file version 2.8.0 Highest
Version central version 2.8.0 Highest
Published Vulnerabilities
CVE-2014-0085
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management
Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.
CVE-2016-5017
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.
curator-recipes-2.8.0.jar
Description: All of the recipes listed on the ZooKeeper recipes doc (except two phase commit).
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.curator\curator-recipes\2.8.0\c563e25fb37f85a6b029bc9746e75573640474fb\curator-recipes-2.8.0.jar
MD5: d0cda7ac1d3317646df990366d89110b
SHA1: c563e25fb37f85a6b029bc9746e75573640474fb
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.curator Highest
Vendor manifest Bundle-Description All of the recipes listed on the ZooKeeper recipes doc (except two phase commit). Medium
Vendor central groupid org.apache.curator Highest
Vendor Manifest bundle-docurl http://www.apache.org/ Low
Vendor pom description All of the recipes listed on the ZooKeeper recipes doc (except two phase commit). Medium
Vendor file name curator-recipes High
Vendor pom parent-groupid org.apache.curator Medium
Vendor pom name Curator Recipes High
Vendor pom parent-artifactid apache-curator Low
Vendor Manifest bundle-symbolicname curator-recipes Medium
Vendor pom artifactid curator-recipes Low
Vendor pom groupid apache.curator Highest
Product manifest Bundle-Description All of the recipes listed on the ZooKeeper recipes doc (except two phase commit). Medium
Product pom groupid apache.curator Low
Product pom parent-artifactid apache-curator Medium
Product gradle artifactid curator-recipes Highest
Product central artifactid curator-recipes Highest
Product Manifest bundle-docurl http://www.apache.org/ Low
Product pom description All of the recipes listed on the ZooKeeper recipes doc (except two phase commit). Medium
Product file name curator-recipes High
Product Manifest Bundle-Name Curator Recipes Medium
Product pom name Curator Recipes High
Product pom artifactid curator-recipes Highest
Product Manifest bundle-symbolicname curator-recipes Medium
Product pom parent-groupid org.apache.curator Low
Version pom version 2.8.0 Highest
Version file version 2.8.0 Highest
Version central version 2.8.0 Highest
Published Vulnerabilities
CVE-2014-0085
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management
Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.
CVE-2016-5017
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.
hadoop-annotations-2.7.4.jar
Description: Apache Hadoop Annotations
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-annotations\2.7.4\d8e0a3abcc3fb46e1418b99d6d1328a95d9bd7b1\hadoop-annotations-2.7.4.jar
MD5: 6fe58898886aebb11e761f75bdc3f237
SHA1: d8e0a3abcc3fb46e1418b99d6d1328a95d9bd7b1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid hadoop-project Low
Vendor jar package name hadoop Low
Vendor pom name Apache Hadoop Annotations High
Vendor pom description Apache Hadoop Annotations Medium
Vendor jar package name apache Low
Vendor gradle groupid org.apache.hadoop Highest
Vendor pom artifactid hadoop-annotations Low
Vendor central groupid org.apache.hadoop Highest
Vendor jar package name classification Low
Vendor pom groupid apache.hadoop Highest
Vendor file name hadoop-annotations High
Vendor pom parent-groupid org.apache.hadoop Medium
Product jar package name hadoop Low
Product pom groupid apache.hadoop Low
Product pom name Apache Hadoop Annotations High
Product pom description Apache Hadoop Annotations Medium
Product central artifactid hadoop-annotations Highest
Product file name hadoop-annotations High
Product gradle artifactid hadoop-annotations Highest
Product pom parent-groupid org.apache.hadoop Low
Product pom artifactid hadoop-annotations Highest
Product pom parent-artifactid hadoop-project Medium
Product jar package name classification Low
Version file version 2.7.4 Highest
Version central version 2.7.4 Highest
Version pom version 2.7.4 Highest
hadoop-auth-2.7.4.jar
Description: Apache Hadoop Auth - Java HTTP SPNEGO
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-auth\2.7.4\a2d5d89a6acfb11dd1a125e86b84fcef549483ae\hadoop-auth-2.7.4.jar
MD5: 13dc9913ede3dfc6d95f3a7c5dffd659
SHA1: a2d5d89a6acfb11dd1a125e86b84fcef549483ae
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid hadoop-project Low
Vendor pom description Apache Hadoop Auth - Java HTTP SPNEGO Medium
Vendor jar package name hadoop Low
Vendor jar package name apache Low
Vendor gradle groupid org.apache.hadoop Highest
Vendor jar package name security Low
Vendor central groupid org.apache.hadoop Highest
Vendor pom groupid apache.hadoop Highest
Vendor pom artifactid hadoop-auth Low
Vendor pom parent-groupid org.apache.hadoop Medium
Vendor file name hadoop-auth High
Vendor pom name Apache Hadoop Auth High
Product pom description Apache Hadoop Auth - Java HTTP SPNEGO Medium
Product jar package name hadoop Low
Product pom groupid apache.hadoop Low
Product pom artifactid hadoop-auth Highest
Product jar package name security Low
Product jar package name authentication Low
Product pom parent-artifactid hadoop-project Medium
Product gradle artifactid hadoop-auth Highest
Product file name hadoop-auth High
Product central artifactid hadoop-auth Highest
Product pom parent-groupid org.apache.hadoop Low
Product pom name Apache Hadoop Auth High
Version file version 2.7.4 Highest
Version central version 2.7.4 Highest
Version pom version 2.7.4 Highest
hadoop-common-2.7.4.jar
Description: Apache Hadoop Common
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-common\2.7.4\9afa8d2004a0bbd930d1ac10d221d927917067be\hadoop-common-2.7.4.jar
MD5: ac17600d1fb51ada7fd2e677ce708005
SHA1: 9afa8d2004a0bbd930d1ac10d221d927917067be
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid apache.hadoop Highest
Vendor jar package name hadoop Low
Vendor jar package name apache Low
Vendor gradle groupid org.apache.hadoop Highest
Vendor pom parent-groupid org.apache.hadoop Medium
Vendor pom parent-artifactid hadoop-project-dist Low
Vendor pom description Apache Hadoop Common Medium
Vendor file name hadoop-common High
Vendor central groupid org.apache.hadoop Highest
Vendor pom artifactid hadoop-common Low
Vendor pom name Apache Hadoop Common High
Product central artifactid hadoop-common Highest
Product jar package name hadoop Low
Product pom groupid apache.hadoop Low
Product pom parent-artifactid hadoop-project-dist Medium
Product gradle artifactid hadoop-common Highest
Product pom description Apache Hadoop Common Medium
Product file name hadoop-common High
Product pom parent-groupid org.apache.hadoop Low
Product pom artifactid hadoop-common Highest
Product pom name Apache Hadoop Common High
Version file version 2.7.4 Highest
Version central version 2.7.4 Highest
Version pom version 2.7.4 Highest
hadoop-hdfs-2.7.4.jar
Description: Apache Hadoop HDFS
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.hadoop\hadoop-hdfs\2.7.4\3e1414e3ae47e97f66b2eb904d3ec6c50a3e29d0\hadoop-hdfs-2.7.4.jar
MD5: e18f429b60662b724cad080b834717a3
SHA1: 3e1414e3ae47e97f66b2eb904d3ec6c50a3e29d0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name hadoop Low
Vendor jar package name apache Low
Vendor gradle groupid org.apache.hadoop Highest
Vendor pom parent-artifactid hadoop-project-dist Low
Vendor central groupid org.apache.hadoop Highest
Vendor jar package name hdfs Low
Vendor pom description Apache Hadoop HDFS Medium
Vendor pom groupid apache.hadoop Highest
Vendor pom name Apache Hadoop HDFS High
Vendor pom artifactid hadoop-hdfs Low
Vendor pom parent-groupid org.apache.hadoop Medium
Vendor file name hadoop-hdfs High
Product pom description Apache Hadoop HDFS Medium
Product pom name Apache Hadoop HDFS High
Product jar package name hadoop Low
Product pom groupid apache.hadoop Low
Product pom parent-artifactid hadoop-project-dist Medium
Product central artifactid hadoop-hdfs Highest
Product pom parent-groupid org.apache.hadoop Low
Product gradle artifactid hadoop-hdfs Highest
Product jar package name hdfs Low
Product file name hadoop-hdfs High
Product pom artifactid hadoop-hdfs Highest
Version file version 2.7.4 Highest
Version central version 2.7.4 Highest
Version pom version 2.7.4 Highest
htrace-core-3.2.0-incubating.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.htrace\htrace-core\3.2.0-incubating\8797cf3230f01e8724ef27a0ed565dabb6998c64\htrace-core-3.2.0-incubating.jar
MD5: 0b1b1a63aca83a11545de49218a251bf
SHA1: 8797cf3230f01e8724ef27a0ed565dabb6998c64
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom name htrace-core High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom url http://incubator.apache.org/projects/htrace.html Highest
Vendor pom groupid apache.htrace Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor jar package name htrace Low
Vendor pom parent-groupid org.apache.htrace Medium
Vendor jar package name fasterxml Low
Vendor Manifest Implementation-Vendor-Id org.apache.htrace Medium
Vendor central groupid org.apache.htrace Highest
Vendor pom artifactid htrace-core Low
Vendor file name htrace-core High
Vendor pom parent-artifactid htrace Low
Vendor gradle groupid org.apache.htrace Highest
Product Manifest specification-title htrace-core Medium
Product central artifactid htrace-core Highest
Product pom parent-artifactid htrace Medium
Product pom parent-groupid org.apache.htrace Low
Product pom name htrace-core High
Product Manifest Implementation-Title htrace-core High
Product jar package name htrace Low
Product pom artifactid htrace-core Highest
Product pom url http://incubator.apache.org/projects/htrace.html Medium
Product jar package name jackson Low
Product jar package name fasterxml Low
Product file name htrace-core High
Product pom groupid apache.htrace Low
Product gradle artifactid htrace-core Highest
Version pom version 3.2.0-incubating Highest
Version file version 3.2.0 Highest
Version central version 3.2.0-incubating Highest
Version Manifest Implementation-Version 3.2.0-incubating High
zookeeper-3.4.10.jar
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.zookeeper\zookeeper\3.4.10\8eebdbb7a9df83e02eaa42d0e5da0b57bf2e4da\zookeeper-3.4.10.jar
MD5: 550ce0afeb92ef4a75f194b143e23995
SHA1: 08eebdbb7a9df83e02eaa42d0e5da0b57bf2e4da
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor Manifest bundle-symbolicname org.apache.hadoop.zookeeper Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor jar package name server Low
Vendor file name zookeeper High
Vendor jar package name zookeeper Low
Vendor gradle groupid org.apache.zookeeper Highest
Vendor pom artifactid zookeeper Low
Vendor Manifest built-on sunil-Inspiron-3543 Low
Vendor central groupid org.apache.zookeeper Highest
Vendor Manifest bundle-docurl http://hadoop.apache.org/zookeeper Low
Vendor pom groupid apache.zookeeper Highest
Vendor Manifest built-at 03/23/2017 12:08 GMT Low
Product Manifest Bundle-Name ZooKeeper Bundle Medium
Product pom groupid apache.zookeeper Low
Product gradle artifactid zookeeper Highest
Product Manifest bundle-symbolicname org.apache.hadoop.zookeeper Medium
Product jar package name server Low
Product file name zookeeper High
Product Manifest Implementation-Title org.apache.zookeeper High
Product jar package name zookeeper Low
Product pom artifactid zookeeper Highest
Product Manifest built-on sunil-Inspiron-3543 Low
Product Manifest bundle-docurl http://hadoop.apache.org/zookeeper Low
Product central artifactid zookeeper Highest
Product Manifest built-at 03/23/2017 12:08 GMT Low
Version file version 3.4.10 Highest
Version central version 3.4.10 Highest
Version pom version 3.4.10 Highest
Published Vulnerabilities
CVE-2014-0085
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management
Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.
Vulnerable Software & Versions:
jackson-core-asl-1.9.13.jar
Description: Jackson is a high-performance JSON processor (parser, generator)
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.jackson\jackson-core-asl\1.9.13\3c304d70f42f832e0a86d45bd437f692129299a4\jackson-core-asl-1.9.13.jar
MD5: 319c49a4304e3fa9fe3cd8dcfc009d37
SHA1: 3c304d70f42f832e0a86d45bd437f692129299a4
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description Jackson is a high-performance JSON processor (parser, generator) Medium
Vendor gradle groupid org.codehaus.jackson Highest
Vendor pom groupid codehaus.jackson Highest
Vendor pom organization url http://fasterxml.com Medium
Vendor jar package name jackson Low
Vendor jar package name codehaus Low
Vendor pom url http://jackson.codehaus.org Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low
Vendor Manifest Implementation-Vendor http://fasterxml.com High
Vendor pom organization name FasterXML High
Vendor Manifest bundle-symbolicname jackson-core-asl Medium
Vendor pom artifactid jackson-core-asl Low
Vendor file name jackson-core-asl High
Vendor Manifest specification-vendor http://www.ietf.org/rfc/rfc4627.txt Low
Vendor pom name Jackson High
Vendor central groupid org.codehaus.jackson Highest
Product pom description Jackson is a high-performance JSON processor (parser, generator) Medium
Product Manifest Implementation-Title Jackson JSON processor High
Product pom artifactid jackson-core-asl Highest
Product pom url http://jackson.codehaus.org Medium
Product Manifest specification-title JSON - JavaScript Object Notation Medium
Product Manifest Bundle-Name Jackson JSON processor Medium
Product pom groupid codehaus.jackson Low
Product pom organization url http://fasterxml.com Low
Product jar package name jackson Low
Product central artifactid jackson-core-asl Highest
Product pom organization name FasterXML Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low
Product gradle artifactid jackson-core-asl Highest
Product Manifest bundle-symbolicname jackson-core-asl Medium
Product file name jackson-core-asl High
Product pom name Jackson High
Version central version 1.9.13 Highest
Version file version 1.9.13 Highest
Version Manifest Implementation-Version 1.9.13 High
Version pom version 1.9.13 Highest
jackson-mapper-asl-1.9.13.jar
Description: Data Mapper package is a high-performance data binding package
built on Jackson JSON processor
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.jackson\jackson-mapper-asl\1.9.13\1ee2f2bed0e5dd29d1cb155a166e6f8d50bbddb7\jackson-mapper-asl-1.9.13.jar
MD5: 1750f9c339352fc4b728d61b57171613
SHA1: 1ee2f2bed0e5dd29d1cb155a166e6f8d50bbddb7
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid jackson-mapper-asl Low
Vendor gradle groupid org.codehaus.jackson Highest
Vendor file name jackson-mapper-asl High
Vendor pom groupid codehaus.jackson Highest
Vendor jar package name map Low
Vendor pom organization url http://fasterxml.com Medium
Vendor jar package name jackson Low
Vendor jar package name codehaus Low
Vendor pom url http://jackson.codehaus.org Highest
Vendor pom description Data Mapper package is a high-performance data binding package built on Jackson JSON processor Medium
Vendor Manifest bundle-symbolicname jackson-mapper-asl Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low
Vendor Manifest Implementation-Vendor http://fasterxml.com High
Vendor pom organization name FasterXML High
Vendor pom name Data Mapper for Jackson High
Vendor central groupid org.codehaus.jackson Highest
Product gradle artifactid jackson-mapper-asl Highest
Product file name jackson-mapper-asl High
Product pom url http://jackson.codehaus.org Medium
Product Manifest Implementation-Title Data mapper for Jackson JSON processor High
Product pom groupid codehaus.jackson Low
Product jar package name map Low
Product pom organization url http://fasterxml.com Low
Product jar package name jackson Low
Product pom organization name FasterXML Low
Product pom description Data Mapper package is a high-performance data binding package built on Jackson JSON processor Medium
Product Manifest bundle-symbolicname jackson-mapper-asl Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5, JavaSE-1.6 Low
Product pom artifactid jackson-mapper-asl Highest
Product Manifest Bundle-Name Data mapper for Jackson JSON processor Medium
Product central artifactid jackson-mapper-asl Highest
Product pom name Data Mapper for Jackson High
Version central version 1.9.13 Highest
Version file version 1.9.13 Highest
Version Manifest Implementation-Version 1.9.13 High
Version pom version 1.9.13 Highest
commons-compiler-2.7.6.jar
Description: Janino is a super-small, super-fast Java compiler.
License:
http://dist.codehaus.org/janino/new_bsd_license.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.janino\commons-compiler\2.7.6\b71e76d942b33dfa26e4e3047ff2a774d1f917b4\commons-compiler-2.7.6.jar
MD5: b729cc841ca68ecf82dd8b035196a28a
SHA1: b71e76d942b33dfa26e4e3047ff2a774d1f917b4
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid commons-compiler Low
Vendor manifest Bundle-Description Janino is a super-small, super-fast Java compiler. Medium
Vendor gradle groupid org.codehaus.janino Highest
Vendor pom name Commons Compiler High
Vendor jar package name compiler Low
Vendor Manifest bundle-symbolicname org.codehaus.janino.commons-compiler;singleton:=true Medium
Vendor jar package name codehaus Low
Vendor jar package name commons Low
Vendor pom groupid codehaus.janino Highest
Vendor pom parent-artifactid janino-parent Low
Vendor pom parent-groupid org.codehaus.janino Medium
Vendor central groupid org.codehaus.janino Highest
Vendor file name commons-compiler High
Product gradle artifactid commons-compiler Highest
Product manifest Bundle-Description Janino is a super-small, super-fast Java compiler. Medium
Product pom name Commons Compiler High
Product jar package name compiler Low
Product central artifactid commons-compiler Highest
Product pom parent-groupid org.codehaus.janino Low
Product Manifest bundle-symbolicname org.codehaus.janino.commons-compiler;singleton:=true Medium
Product pom groupid codehaus.janino Low
Product jar package name commons Low
Product pom parent-artifactid janino-parent Medium
Product pom artifactid commons-compiler Highest
Product Manifest Bundle-Name Commons-Compiler Medium
Product file name commons-compiler High
Version pom version 2.7.6 Highest
Version central version 2.7.6 Highest
Version file version 2.7.6 Highest
janino-2.7.6.jar
Description: Janino is a super-small, super-fast Java compiler.
License:
http://dist.codehaus.org/janino/new_bsd_license.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.janino\janino\2.7.6\37fde5de7edd5d7ebe075f03f4c083df2ac73dd8\janino-2.7.6.jar
MD5: 887a4a895315470f4ddf3203ef4cb115
SHA1: 37fde5de7edd5d7ebe075f03f4c083df2ac73dd8
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Janino is a super-small, super-fast Java compiler. Medium
Vendor gradle groupid org.codehaus.janino Highest
Vendor Manifest implementation-url http://janino.net Low
Vendor jar package name codehaus Low
Vendor pom name Janino High
Vendor pom groupid codehaus.janino Highest
Vendor pom parent-artifactid janino-parent Low
Vendor pom parent-groupid org.codehaus.janino Medium
Vendor central groupid org.codehaus.janino Highest
Vendor file name janino High
Vendor jar package name janino Low
Vendor Manifest bundle-symbolicname org.cohehaus.janino;singleton:=true Medium
Vendor Manifest require-bundle org.codehaus.janino.commons-compiler Low
Vendor pom artifactid janino Low
Product manifest Bundle-Description Janino is a super-small, super-fast Java compiler. Medium
Product Manifest implementation-url http://janino.net Low
Product gradle artifactid janino Highest
Product pom artifactid janino Highest
Product pom parent-groupid org.codehaus.janino Low
Product Manifest Bundle-Name Janino Medium
Product pom groupid codehaus.janino Low
Product pom parent-artifactid janino-parent Medium
Product pom name Janino High
Product central artifactid janino Highest
Product file name janino High
Product jar package name janino Low
Product Manifest bundle-symbolicname org.cohehaus.janino;singleton:=true Medium
Product Manifest require-bundle org.codehaus.janino.commons-compiler Low
Version pom version 2.7.6 Highest
Version central version 2.7.6 Highest
Version file version 2.7.6 Highest
Version Manifest Implementation-Version 2.7.6 High
stax2-api-3.1.4.jar
Description: tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.woodstox\stax2-api\3.1.4\ac19014b1e6a7c08aad07fe114af792676b685b7\stax2-api-3.1.4.jar
MD5: c08e89de601b0a78f941b2c29db565c3
SHA1: ac19014b1e6a7c08aad07fe114af792676b685b7
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API. Low
Vendor pom artifactid stax2-api Low
Vendor file name stax2-api High
Vendor Manifest bundle-symbolicname stax2-api Medium
Vendor manifest Bundle-Description tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API. Low
Vendor pom organization url http://fasterxml.com Medium
Vendor pom url http://wiki.fasterxml.com/WoodstoxStax2 Highest
Vendor Manifest bundle-docurl http://fasterxml.com Low
Vendor central groupid org.codehaus.woodstox Highest
Vendor pom organization name fasterxml.com High
Vendor gradle groupid org.codehaus.woodstox Highest
Vendor pom groupid codehaus.woodstox Highest
Vendor pom name Stax2 API High
Product gradle artifactid stax2-api Highest
Product pom description tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API. Low
Product pom groupid codehaus.woodstox Low
Product file name stax2-api High
Product Manifest bundle-symbolicname stax2-api Medium
Product manifest Bundle-Description tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API. Low
Product pom organization url http://fasterxml.com Low
Product pom organization name fasterxml.com Low
Product Manifest bundle-docurl http://fasterxml.com Low
Product central artifactid stax2-api Highest
Product pom artifactid stax2-api Highest
Product pom url http://wiki.fasterxml.com/WoodstoxStax2 Medium
Product pom name Stax2 API High
Product Manifest Bundle-Name Stax2 API Medium
Version pom version 3.1.4 Highest
Version file version 3.1.4 Highest
Version central version 3.1.4 Highest
jetty-continuation-9.3.20.v20170531.jar
Description: Asynchronous API
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-continuation\9.3.20.v20170531\176f1ef8366257e7b6214c3bbd710cf47593135\jetty-continuation-9.3.20.v20170531.jar
MD5: 1c28d7cd2ce53efa5987cca2de2130b9
SHA1: 0176f1ef8366257e7b6214c3bbd710cf47593135
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor Manifest bundle-symbolicname org.eclipse.jetty.continuation Medium
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom parent-artifactid jetty-project Low
Vendor file name jetty-continuation High
Vendor pom groupid eclipse.jetty Highest
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor manifest Bundle-Description Jetty module for Jetty :: Continuation Medium
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor gradle groupid org.eclipse.jetty Highest
Vendor pom description Asynchronous API Medium
Vendor pom name Jetty :: Continuation High
Vendor pom artifactid jetty-continuation Low
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product Manifest bundle-symbolicname org.eclipse.jetty.continuation Medium
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product Manifest Bundle-Name Jetty :: Continuation Medium
Product file name jetty-continuation High
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product pom artifactid jetty-continuation Highest
Product manifest Bundle-Description Jetty module for Jetty :: Continuation Medium
Product central artifactid jetty-continuation Highest
Product pom description Asynchronous API Medium
Product pom url http://www.eclipse.org/jetty Medium
Product pom name Jetty :: Continuation High
Product gradle artifactid jetty-continuation Highest
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom parent-groupid org.eclipse.jetty Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
jetty-deploy-9.3.20.v20170531.jar
Description: Jetty deployers
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-deploy\9.3.20.v20170531\160c0cefd2fddacd040c41801f40a5a372a9302c\jetty-deploy-9.3.20.v20170531.jar
MD5: c88b2f7b4325dbd296c476276b99537c
SHA1: 160c0cefd2fddacd040c41801f40a5a372a9302c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom parent-artifactid jetty-project Low
Vendor manifest Bundle-Description Jetty module for Jetty :: Deployers Medium
Vendor pom groupid eclipse.jetty Highest
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor file name jetty-deploy High
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor Manifest bundle-symbolicname org.eclipse.jetty.deploy Medium
Vendor pom description Jetty deployers Medium
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor gradle groupid org.eclipse.jetty Highest
Vendor pom name Jetty :: Deployers High
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor pom artifactid jetty-deploy Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product Manifest Bundle-Name Jetty :: Deployers Medium
Product manifest Bundle-Description Jetty module for Jetty :: Deployers Medium
Product file name jetty-deploy High
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product gradle artifactid jetty-deploy Highest
Product central artifactid jetty-deploy Highest
Product Manifest bundle-symbolicname org.eclipse.jetty.deploy Medium
Product pom description Jetty deployers Medium
Product pom url http://www.eclipse.org/jetty Medium
Product pom name Jetty :: Deployers High
Product pom artifactid jetty-deploy Highest
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom parent-groupid org.eclipse.jetty Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
jetty-http-9.3.20.v20170531.jar
Description: Jetty module for Jetty :: Http Utility
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-http\9.3.20.v20170531\32f5fe22ed468a49df1ffcbb27c39c1b53f261aa\jetty-http-9.3.20.v20170531.jar
MD5: b9ea5e7cd37d187fed052609265f53d0
SHA1: 32f5fe22ed468a49df1ffcbb27c39c1b53f261aa
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor file name jetty-http High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom parent-artifactid jetty-project Low
Vendor pom groupid eclipse.jetty Highest
Vendor Manifest bundle-symbolicname org.eclipse.jetty.http Medium
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor pom name Jetty :: Http Utility High
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor pom artifactid jetty-http Low
Vendor gradle groupid org.eclipse.jetty Highest
Vendor manifest Bundle-Description Jetty module for Jetty :: Http Utility Medium
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product file name jetty-http High
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product gradle artifactid jetty-http Highest
Product Manifest bundle-symbolicname org.eclipse.jetty.http Medium
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product pom name Jetty :: Http Utility High
Product Manifest Bundle-Name Jetty :: Http Utility Medium
Product pom url http://www.eclipse.org/jetty Medium
Product pom artifactid jetty-http Highest
Product manifest Bundle-Description Jetty module for Jetty :: Http Utility Medium
Product central artifactid jetty-http Highest
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom parent-groupid org.eclipse.jetty Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
jetty-io-9.3.20.v20170531.jar
Description: Jetty module for Jetty :: IO Utility
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-io\9.3.20.v20170531\5b68e7761fcacefcf26ad9ab50943db65fda2c3d\jetty-io-9.3.20.v20170531.jar
MD5: b295516e5fed7cc46742a96200bf288c
SHA1: 5b68e7761fcacefcf26ad9ab50943db65fda2c3d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom parent-artifactid jetty-project Low
Vendor pom groupid eclipse.jetty Highest
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor file name jetty-io High
Vendor Manifest bundle-symbolicname org.eclipse.jetty.io Medium
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor pom artifactid jetty-io Low
Vendor gradle groupid org.eclipse.jetty Highest
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor pom name Jetty :: IO Utility High
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor manifest Bundle-Description Jetty module for Jetty :: IO Utility Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product Manifest Bundle-Name Jetty :: IO Utility Medium
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product gradle artifactid jetty-io Highest
Product file name jetty-io High
Product Manifest bundle-symbolicname org.eclipse.jetty.io Medium
Product pom url http://www.eclipse.org/jetty Medium
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom name Jetty :: IO Utility High
Product pom parent-groupid org.eclipse.jetty Low
Product pom artifactid jetty-io Highest
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product central artifactid jetty-io Highest
Product manifest Bundle-Description Jetty module for Jetty :: IO Utility Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
jetty-jmx-9.3.20.v20170531.jar
Description: JMX management artifact for jetty.
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-jmx\9.3.20.v20170531\4a28dd045b8992752ff7727f25cf9e888e9c8c4c\jetty-jmx-9.3.20.v20170531.jar
MD5: 0eb8be3bd9ec96452cfccb1b3e509fd6
SHA1: 4a28dd045b8992752ff7727f25cf9e888e9c8c4c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom parent-artifactid jetty-project Low
Vendor pom name Jetty :: JMX Management High
Vendor pom groupid eclipse.jetty Highest
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor file name jetty-jmx High
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor pom artifactid jetty-jmx Low
Vendor gradle groupid org.eclipse.jetty Highest
Vendor pom description JMX management artifact for jetty. Medium
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest bundle-symbolicname org.eclipse.jetty.jmx Medium
Vendor manifest Bundle-Description Jetty module for Jetty :: JMX Management Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product pom name Jetty :: JMX Management High
Product gradle artifactid jetty-jmx Highest
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product file name jetty-jmx High
Product Manifest Bundle-Name Jetty :: JMX Management Medium
Product central artifactid jetty-jmx Highest
Product pom url http://www.eclipse.org/jetty Medium
Product pom description JMX management artifact for jetty. Medium
Product pom artifactid jetty-jmx Highest
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom parent-groupid org.eclipse.jetty Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest bundle-symbolicname org.eclipse.jetty.jmx Medium
Product manifest Bundle-Description Jetty module for Jetty :: JMX Management Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
jetty-rewrite-9.3.20.v20170531.jar
Description: Jetty Rewrite Handler
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-rewrite\9.3.20.v20170531\8fb029863ceb6531ee0e24c59a004f622226217b\jetty-rewrite-9.3.20.v20170531.jar
MD5: 8753b596ebfa613bd71662ec1335febb
SHA1: 8fb029863ceb6531ee0e24c59a004f622226217b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom parent-artifactid jetty-project Low
Vendor pom name Jetty :: Rewrite Handler High
Vendor Manifest bundle-symbolicname org.eclipse.jetty.rewrite Medium
Vendor pom groupid eclipse.jetty Highest
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor file name jetty-rewrite High
Vendor pom description Jetty Rewrite Handler Medium
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor gradle groupid org.eclipse.jetty Highest
Vendor pom artifactid jetty-rewrite Low
Vendor manifest Bundle-Description Jetty module for Jetty :: Rewrite Handler Medium
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product pom name Jetty :: Rewrite Handler High
Product Manifest bundle-symbolicname org.eclipse.jetty.rewrite Medium
Product central artifactid jetty-rewrite Highest
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product Manifest Bundle-Name Jetty :: Rewrite Handler Medium
Product file name jetty-rewrite High
Product pom description Jetty Rewrite Handler Medium
Product gradle artifactid jetty-rewrite Highest
Product pom url http://www.eclipse.org/jetty Medium
Product manifest Bundle-Description Jetty module for Jetty :: Rewrite Handler Medium
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom parent-groupid org.eclipse.jetty Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product pom artifactid jetty-rewrite Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
jetty-security-9.3.20.v20170531.jar
Description: Jetty security infrastructure
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-security\9.3.20.v20170531\9e2ded957c05f447a0611fa64ca4ab5f7cc5aa65\jetty-security-9.3.20.v20170531.jar
MD5: 71ce7271d5f56f87302f4c56a9cd82b1
SHA1: 9e2ded957c05f447a0611fa64ca4ab5f7cc5aa65
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom parent-artifactid jetty-project Low
Vendor pom artifactid jetty-security Low
Vendor pom groupid eclipse.jetty Highest
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor file name jetty-security High
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor pom name Jetty :: Security High
Vendor manifest Bundle-Description Jetty module for Jetty :: Security Medium
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor gradle groupid org.eclipse.jetty Highest
Vendor Manifest bundle-symbolicname org.eclipse.jetty.security Medium
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor pom description Jetty security infrastructure Medium
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product gradle artifactid jetty-security Highest
Product Manifest Bundle-Name Jetty :: Security Medium
Product file name jetty-security High
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product pom name Jetty :: Security High
Product manifest Bundle-Description Jetty module for Jetty :: Security Medium
Product pom url http://www.eclipse.org/jetty Medium
Product central artifactid jetty-security Highest
Product pom artifactid jetty-security Highest
Product Manifest bundle-symbolicname org.eclipse.jetty.security Medium
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom parent-groupid org.eclipse.jetty Low
Product pom description Jetty security infrastructure Medium
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
jetty-server-9.3.20.v20170531.jar
Description: The core jetty server artifact.
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-server\9.3.20.v20170531\6a1523d44ebb527eed068a5c8bfd22edd6a20530\jetty-server-9.3.20.v20170531.jar
MD5: 72bf06940de1eff7f1779aacddb956ec
SHA1: 6a1523d44ebb527eed068a5c8bfd22edd6a20530
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor Manifest bundle-symbolicname org.eclipse.jetty.server Medium
Vendor pom artifactid jetty-server Low
Vendor pom parent-artifactid jetty-project Low
Vendor pom groupid eclipse.jetty Highest
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor file name jetty-server High
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor manifest Bundle-Description Jetty module for Jetty :: Server Core Medium
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor gradle groupid org.eclipse.jetty Highest
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor pom name Jetty :: Server Core High
Vendor pom description The core jetty server artifact. Medium
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product Manifest bundle-symbolicname org.eclipse.jetty.server Medium
Product gradle artifactid jetty-server Highest
Product file name jetty-server High
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product manifest Bundle-Description Jetty module for Jetty :: Server Core Medium
Product Manifest Bundle-Name Jetty :: Server Core Medium
Product pom artifactid jetty-server Highest
Product pom url http://www.eclipse.org/jetty Medium
Product central artifactid jetty-server Highest
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom name Jetty :: Server Core High
Product pom description The core jetty server artifact. Medium
Product pom parent-groupid org.eclipse.jetty Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
jetty-servlet-9.3.20.v20170531.jar
Description: Jetty Servlet Container
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-servlet\9.3.20.v20170531\21a698f9d58d03cdf58bf2a40f93de58c2eab138\jetty-servlet-9.3.20.v20170531.jar
MD5: 0c67bc178e97f109a1fa4f550b82d1ff
SHA1: 21a698f9d58d03cdf58bf2a40f93de58c2eab138
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom parent-artifactid jetty-project Low
Vendor pom groupid eclipse.jetty Highest
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor pom name Jetty :: Servlet Handling High
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor gradle groupid org.eclipse.jetty Highest
Vendor manifest Bundle-Description Jetty module for Jetty :: Servlet Handling Medium
Vendor pom description Jetty Servlet Container Medium
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor file name jetty-servlet High
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest bundle-symbolicname org.eclipse.jetty.servlet Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor pom artifactid jetty-servlet Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product central artifactid jetty-servlet Highest
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product pom artifactid jetty-servlet Highest
Product Manifest Bundle-Name Jetty :: Servlet Handling Medium
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product pom name Jetty :: Servlet Handling High
Product pom url http://www.eclipse.org/jetty Medium
Product gradle artifactid jetty-servlet Highest
Product manifest Bundle-Description Jetty module for Jetty :: Servlet Handling Medium
Product pom description Jetty Servlet Container Medium
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product file name jetty-servlet High
Product pom parent-groupid org.eclipse.jetty Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest bundle-symbolicname org.eclipse.jetty.servlet Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
jetty-servlets-9.3.20.v20170531.jar
Description: Utility Servlets from Jetty
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-servlets\9.3.20.v20170531\bb3b1ddc06525eba71c37f51402996502d323a9\jetty-servlets-9.3.20.v20170531.jar
MD5: 4f63a03c7acb7225ed542015a691bc69
SHA1: 0bb3b1ddc06525eba71c37f51402996502d323a9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom parent-artifactid jetty-project Low
Vendor manifest Bundle-Description Jetty module for Jetty :: Utility Servlets and Filters Medium
Vendor pom groupid eclipse.jetty Highest
Vendor pom artifactid jetty-servlets Low
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor pom description Utility Servlets from Jetty Medium
Vendor pom name Jetty :: Utility Servlets and Filters High
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor gradle groupid org.eclipse.jetty Highest
Vendor file name jetty-servlets High
Vendor Manifest bundle-symbolicname org.eclipse.jetty.servlets Medium
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product manifest Bundle-Description Jetty module for Jetty :: Utility Servlets and Filters Medium
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product pom description Utility Servlets from Jetty Medium
Product pom artifactid jetty-servlets Highest
Product Manifest Bundle-Name Jetty :: Utility Servlets and Filters Medium
Product pom name Jetty :: Utility Servlets and Filters High
Product central artifactid jetty-servlets Highest
Product pom url http://www.eclipse.org/jetty Medium
Product file name jetty-servlets High
Product Manifest bundle-symbolicname org.eclipse.jetty.servlets Medium
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom parent-groupid org.eclipse.jetty Low
Product gradle artifactid jetty-servlets Highest
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
jetty-util-9.3.20.v20170531.jar
Description: Utility classes for Jetty
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-util\9.3.20.v20170531\19ce4203809da37f8ea7a5632704fa71b6f0ccc2\jetty-util-9.3.20.v20170531.jar
MD5: 6718dc66c89f29b787298afe5b08a68f
SHA1: 19ce4203809da37f8ea7a5632704fa71b6f0ccc2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor file name jetty-util High
Vendor pom parent-artifactid jetty-project Low
Vendor pom groupid eclipse.jetty Highest
Vendor pom description Utility classes for Jetty Medium
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor pom artifactid jetty-util Low
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor manifest Bundle-Description Jetty module for Jetty :: Utilities Medium
Vendor gradle groupid org.eclipse.jetty Highest
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor pom name Jetty :: Utilities High
Vendor Manifest bundle-symbolicname org.eclipse.jetty.util Medium
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product file name jetty-util High
Product pom description Utility classes for Jetty Medium
Product central artifactid jetty-util Highest
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product gradle artifactid jetty-util Highest
Product manifest Bundle-Description Jetty module for Jetty :: Utilities Medium
Product pom url http://www.eclipse.org/jetty Medium
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom artifactid jetty-util Highest
Product pom name Jetty :: Utilities High
Product pom parent-groupid org.eclipse.jetty Low
Product Manifest bundle-symbolicname org.eclipse.jetty.util Medium
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest Bundle-Name Jetty :: Utilities Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
jetty-webapp-9.3.20.v20170531.jar
Description: Jetty web application support
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-webapp\9.3.20.v20170531\5b41166ce279c481216501d45c0d0f4f6da23c0b\jetty-webapp-9.3.20.v20170531.jar
MD5: 9003b754b85d1292390339dcf4db140e
SHA1: 5b41166ce279c481216501d45c0d0f4f6da23c0b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor file name jetty-webapp High
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom parent-artifactid jetty-project Low
Vendor pom artifactid jetty-webapp Low
Vendor pom groupid eclipse.jetty Highest
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor pom name Jetty :: Webapp Application Support High
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor manifest Bundle-Description Jetty module for Jetty :: Webapp Application Support Medium
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor gradle groupid org.eclipse.jetty Highest
Vendor Manifest bundle-symbolicname org.eclipse.jetty.webapp Medium
Vendor pom description Jetty web application support Medium
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product file name jetty-webapp High
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product pom name Jetty :: Webapp Application Support High
Product central artifactid jetty-webapp Highest
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product manifest Bundle-Description Jetty module for Jetty :: Webapp Application Support Medium
Product gradle artifactid jetty-webapp Highest
Product pom url http://www.eclipse.org/jetty Medium
Product Manifest Bundle-Name Jetty :: Webapp Application Support Medium
Product Manifest bundle-symbolicname org.eclipse.jetty.webapp Medium
Product pom description Jetty web application support Medium
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom parent-groupid org.eclipse.jetty Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom artifactid jetty-webapp Highest
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
jetty-xml-9.3.20.v20170531.jar
Description: The jetty xml utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.jetty\jetty-xml\9.3.20.v20170531\9f3f158a6a4587c4283561a3a3fc5a187173becf\jetty-xml-9.3.20.v20170531.jar
MD5: d5a8bab27a3ac30cff5e878854844d28
SHA1: 9f3f158a6a4587c4283561a3a3fc5a187173becf
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High
Vendor pom description The jetty xml utilities. Medium
Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low
Vendor pom parent-artifactid jetty-project Low
Vendor Manifest bundle-symbolicname org.eclipse.jetty.xml Medium
Vendor pom groupid eclipse.jetty Highest
Vendor pom parent-groupid org.eclipse.jetty Medium
Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low
Vendor manifest Bundle-Description Jetty module for Jetty :: XML utilities Medium
Vendor pom url http://www.eclipse.org/jetty Highest
Vendor central groupid org.eclipse.jetty Highest
Vendor file name jetty-xml High
Vendor gradle groupid org.eclipse.jetty Highest
Vendor pom artifactid jetty-xml Low
Vendor pom name Jetty :: XML utilities High
Vendor Manifest url http://www.eclipse.org/jetty Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Vendor Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Product pom description The jetty xml utilities. Medium
Product Manifest originally-created-by Apache Maven Bundle Plugin Low
Product pom artifactid jetty-xml Highest
Product Manifest bundle-symbolicname org.eclipse.jetty.xml Medium
Product Manifest bundle-docurl http://www.eclipse.org/jetty Low
Product central artifactid jetty-xml Highest
Product Manifest Bundle-Name Jetty :: XML utilities Medium
Product manifest Bundle-Description Jetty module for Jetty :: XML utilities Medium
Product file name jetty-xml High
Product pom url http://www.eclipse.org/jetty Medium
Product pom name Jetty :: XML utilities High
Product gradle artifactid jetty-xml Highest
Product Manifest url http://www.eclipse.org/jetty Low
Product pom groupid eclipse.jetty Low
Product pom parent-groupid org.eclipse.jetty Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.8 Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low
Product pom parent-artifactid jetty-project Medium
Product Manifest bundle-copyright Copyright (c) 2008-2017 Mort Bay Consulting Pty. Ltd. Low
Version pom version 9.3.20.v20170531 Highest
Version central version 9.3.20.v20170531 Highest
Version file version 9.3.20.v20170531 Highest
Version Manifest Implementation-Version 9.3.20.v20170531 High
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
spatial4j-0.6.jar
Description:
Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's
core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance
calculations and other math, and to read shape formats like WKT and GeoJSON.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.locationtech.spatial4j\spatial4j\0.6\21b15310bddcfd8c72611c180f20cf23279809a3\spatial4j-0.6.jar
MD5: baaffe1b4800337f0856c6160c255c35
SHA1: 21b15310bddcfd8c72611c180f20cf23279809a3
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom url http://www.locationtech.org/projects/locationtech.spatial4j Highest
Vendor pom description Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shape formats ... Low
Vendor central groupid org.locationtech.spatial4j Highest
Vendor Manifest bundle-symbolicname org.locationtech.spatial4j Medium
Vendor pom organization name LocationTech High
Vendor pom artifactid spatial4j Low
Vendor pom organization url http://www.locationtech.org/ Medium
Vendor Manifest bundle-docurl http://www.locationtech.org/ Low
Vendor file name spatial4j High
Vendor pom groupid locationtech.spatial4j Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom name Spatial4J High
Vendor manifest Bundle-Description Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shape formats ... Low
Vendor gradle groupid org.locationtech.spatial4j Highest
Product pom groupid locationtech.spatial4j Low
Product pom organization url http://www.locationtech.org/ Low
Product pom artifactid spatial4j Highest
Product pom description Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shape formats ... Low
Product Manifest bundle-symbolicname org.locationtech.spatial4j Medium
Product pom organization name LocationTech Low
Product pom url http://www.locationtech.org/projects/locationtech.spatial4j Medium
Product Manifest bundle-docurl http://www.locationtech.org/ Low
Product file name spatial4j High
Product gradle artifactid spatial4j Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product central artifactid spatial4j Highest
Product pom name Spatial4J High
Product manifest Bundle-Description Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shape formats ... Low
Product Manifest Bundle-Name Spatial4J Medium
Version pom version 0.6 Highest
Version file version 0.6 Highest
Version central version 0.6 Highest
noggit-0.8.jar
Description: Noggit is the world's fastest streaming JSON parser for Java.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.noggit\noggit\0.8\ba4ad65a62d7dfcf97a8d42c82ae7d8824f9087f\noggit-0.8.jar
MD5: 6856f2ceab2dd7128595e4659d22d581
SHA1: ba4ad65a62d7dfcf97a8d42c82ae7d8824f9087f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description Noggit is the world's fastest streaming JSON parser for Java. Medium
Vendor pom groupid noggit Highest
Vendor file name noggit High
Vendor pom name Noggit High
Vendor pom artifactid noggit Low
Vendor gradle groupid org.noggit Highest
Vendor jar package name noggit Low
Vendor central groupid org.noggit Highest
Vendor pom url http://github.com/yonik/noggit Highest
Product pom url http://github.com/yonik/noggit Medium
Product pom description Noggit is the world's fastest streaming JSON parser for Java. Medium
Product file name noggit High
Product central artifactid noggit Highest
Product pom name Noggit High
Product gradle artifactid noggit Highest
Product pom artifactid noggit Highest
Product pom groupid noggit Low
Version file version 0.8 Highest
Version central version 0.8 Highest
Version pom version 0.8 Highest
asm-commons-5.1.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.ow2.asm\asm-commons\5.1\25d8a575034dd9cfcb375a39b5334f0ba9c8474e\asm-commons-5.1.jar
MD5: 38839fb32c40f7f70986e9c282de0018
SHA1: 25d8a575034dd9cfcb375a39b5334f0ba9c8474e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-docurl http://asm.objectweb.org Low
Vendor jar package name asm Low
Vendor Manifest Implementation-Vendor France Telecom R&D High
Vendor central groupid org.ow2.asm Highest
Vendor pom artifactid asm-commons Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor gradle groupid org.ow2.asm Highest
Vendor jar package name objectweb Low
Vendor jar package name commons Low
Vendor pom name ASM Commons High
Vendor file name asm-commons High
Vendor Manifest bundle-symbolicname org.objectweb.asm.commons Medium
Vendor pom groupid ow2.asm Highest
Vendor pom parent-artifactid asm-parent Low
Vendor pom parent-groupid org.ow2.asm Medium
Product Manifest bundle-docurl http://asm.objectweb.org Low
Product Manifest Bundle-Name ASM commons classes Medium
Product Manifest Implementation-Title ASM commons classes High
Product pom groupid ow2.asm Low
Product jar package name asm Low
Product pom artifactid asm-commons Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product jar package name commons Low
Product pom parent-groupid org.ow2.asm Low
Product pom name ASM Commons High
Product file name asm-commons High
Product gradle artifactid asm-commons Highest
Product Manifest bundle-symbolicname org.objectweb.asm.commons Medium
Product pom parent-artifactid asm-parent Medium
Product central artifactid asm-commons Highest
Version pom version 5.1 Highest
Version central version 5.1 Highest
Version file version 5.1 Highest
Version Manifest Implementation-Version 5.1 High
org.restlet-2.3.0.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.restlet.jee\org.restlet\2.3.0\4c5d184e23fa729726668a90dc7338d80c4e7e6f\org.restlet-2.3.0.jar
MD5: 33a94f74de95421b4938dfecb0029ab1
SHA1: 4c5d184e23fa729726668a90dc7338d80c4e7e6f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name engine Low
Vendor jar package name restlet Low
Vendor file name org.restlet High
Vendor gradle groupid org.restlet.jee Highest
Product jar package name engine Low
Product file name org.restlet High
Product gradle artifactid org.restlet Highest
Version file version 2.3.0 Highest
Version file name org.restlet Medium
Version gradle version 2.3.0 Highest
maven: org.restlet.jee:org.restlet:2.3.0
Confidence :Highest
cpe: cpe:/a:restlet:restlet_framework:2.3.0
Confidence :Low
cpe: cpe:/a:restlet:restlet:2.3.0
Confidence :Low
org.restlet.ext.servlet-2.3.0.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.restlet.jee\org.restlet.ext.servlet\2.3.0\9303e20d0397c0304342943560c3a1693fd7ce7d\org.restlet.ext.servlet-2.3.0.jar
MD5: e81ab1a31fdd07ac02c576086201b2da
SHA1: 9303e20d0397c0304342943560c3a1693fd7ce7d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name restlet Low
Vendor jar package name ext Low
Vendor gradle groupid org.restlet.jee Highest
Vendor file name org.restlet.ext.servlet High
Vendor jar package name servlet Low
Product jar package name internal Low
Product gradle artifactid org.restlet.ext.servlet Highest
Product jar package name ext Low
Product file name org.restlet.ext.servlet High
Product jar package name servlet Low
Version file version 2.3.0 Highest
Version gradle version 2.3.0 Highest
Version file name org.restlet.ext.servlet Medium
cpe: cpe:/a:restlet:restlet_framework:2.3.0
Confidence :Low
cpe: cpe:/a:restlet:restlet:2.3.0
Confidence :Low
maven: org.restlet.jee:org.restlet.ext.servlet:2.3.0
Confidence :Highest
maven-scm-api-1.4.jar
Description: The SCM API provides mechanisms to manage all SCM tools.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.maven.scm\maven-scm-api\1.4\e294693ce217bd6f470b728127854e6ca787fd29\maven-scm-api-1.4.jar
MD5: bc840a6620ec3d3c56ce58b10076cef4
SHA1: e294693ce217bd6f470b728127854e6ca787fd29
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.maven.scm Medium
Vendor pom name Maven SCM API High
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor gradle groupid org.apache.maven.scm Highest
Vendor file name maven-scm-api High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description The SCM API provides mechanisms to manage all SCM tools. Medium
Vendor Manifest Implementation-Vendor-Id org.apache.maven.scm Medium
Vendor central groupid org.apache.maven.scm Highest
Vendor pom artifactid maven-scm-api Low
Vendor pom parent-artifactid maven-scm Low
Vendor pom groupid apache.maven.scm Highest
Product pom name Maven SCM API High
Product central artifactid maven-scm-api Highest
Product pom groupid apache.maven.scm Low
Product file name maven-scm-api High
Product pom parent-artifactid maven-scm Medium
Product pom description The SCM API provides mechanisms to manage all SCM tools. Medium
Product Manifest specification-title Maven SCM API Medium
Product pom parent-groupid org.apache.maven.scm Low
Product gradle artifactid maven-scm-api Highest
Product Manifest Implementation-Title Maven SCM API High
Product pom artifactid maven-scm-api Highest
Version Manifest Implementation-Version 1.4 High
Version pom version 1.4 Highest
Version file version 1.4 Highest
Version central version 1.4 Highest
maven-scm-provider-svnexe-1.4.jar
Description: Executable library for SCM SVN Provider.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.maven.scm\maven-scm-provider-svnexe\1.4\b3213b40157b701ba079b738baac391e41418c18\maven-scm-provider-svnexe-1.4.jar
MD5: 6624c9c3324f88619205c2b8c60e583b
SHA1: b3213b40157b701ba079b738baac391e41418c18
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.maven.scm Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor gradle groupid org.apache.maven.scm Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest Implementation-Vendor-Id org.apache.maven.scm Medium
Vendor pom name Maven SCM Subversion Provider - SVN Executable Impl. High
Vendor central groupid org.apache.maven.scm Highest
Vendor file name maven-scm-provider-svnexe High
Vendor pom parent-artifactid maven-scm-providers-svn Low
Vendor pom description Executable library for SCM SVN Provider. Medium
Vendor pom groupid apache.maven.scm Highest
Vendor pom artifactid maven-scm-provider-svnexe Low
Product Manifest specification-title Maven SCM Subversion Provider - SVN Executable Impl. Medium
Product central artifactid maven-scm-provider-svnexe Highest
Product pom name Maven SCM Subversion Provider - SVN Executable Impl. High
Product gradle artifactid maven-scm-provider-svnexe Highest
Product pom artifactid maven-scm-provider-svnexe Highest
Product pom groupid apache.maven.scm Low
Product file name maven-scm-provider-svnexe High
Product Manifest Implementation-Title Maven SCM Subversion Provider - SVN Executable Impl. High
Product pom description Executable library for SCM SVN Provider. Medium
Product pom parent-groupid org.apache.maven.scm Low
Product pom parent-artifactid maven-scm-providers-svn Medium
Version Manifest Implementation-Version 1.4 High
Version pom version 1.4 Highest
Version file version 1.4 Highest
Version central version 1.4 Highest
javax.ws.rs-api-2.0.1.jar
Description: Java API for RESTful Web Services (JAX-RS)
License:
CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html
GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.ws.rs\javax.ws.rs-api\2.0.1\104e9c2b5583cfcfeac0402316221648d6d8ea6b\javax.ws.rs-api-2.0.1.jar
MD5: edcd111cf4d3ba8ac8e1f326efc37a17
SHA1: 104e9c2b5583cfcfeac0402316221648d6d8ea6b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid javax.ws.rs Highest
Vendor Manifest bundle-symbolicname javax.ws.rs-api Medium
Vendor pom organization name Oracle Corporation High
Vendor Manifest bundle-docurl http://www.oracle.com/ Low
Vendor pom parent-artifactid jvnet-parent Low
Vendor pom url http://jax-rs-spec.java.net Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom name javax.ws.rs-api High
Vendor file name javax.ws.rs-api High
Vendor pom groupid javax.ws.rs Highest
Vendor Manifest extension-name javax.ws.rs Medium
Vendor pom organization url http://www.oracle.com/ Medium
Vendor Manifest specification-vendor Oracle Corporation Low
Vendor central groupid javax.ws.rs Highest
Vendor manifest Bundle-Description Java API for RESTful Web Services (JAX-RS) Medium
Vendor pom artifactid javax.ws.rs-api Low
Vendor pom parent-groupid net.java Medium
Product Manifest Bundle-Name javax.ws.rs-api Medium
Product Manifest bundle-symbolicname javax.ws.rs-api Medium
Product pom groupid javax.ws.rs Low
Product Manifest bundle-docurl http://www.oracle.com/ Low
Product pom artifactid javax.ws.rs-api Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product central artifactid javax.ws.rs-api Highest
Product pom name javax.ws.rs-api High
Product file name javax.ws.rs-api High
Product Manifest extension-name javax.ws.rs Medium
Product pom parent-groupid net.java Low
Product pom organization url http://www.oracle.com/ Low
Product gradle artifactid javax.ws.rs-api Highest
Product manifest Bundle-Description Java API for RESTful Web Services (JAX-RS) Medium
Product pom parent-artifactid jvnet-parent Medium
Product pom organization name Oracle Corporation Low
Product pom url http://jax-rs-spec.java.net Medium
Version Manifest Implementation-Version 2.0.1 High
Version pom version 2.0.1 Highest
Version file version 2.0.1 Highest
Version central version 2.0.1 Highest
cpe: cpe:/a:restful_web_services_project:restful_web_services:2.0.1
Confidence :Low
maven: javax.ws.rs:javax.ws.rs-api:2.0.1 ✓
Confidence :Highest
cpe: cpe:/a:restful_project:restful:2.0.1
Confidence :Low
javax.annotation-api-1.2.jar
Description: Common Annotations for the JavaTM Platform API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.annotation\javax.annotation-api\1.2\479c1e06db31c432330183f5cae684163f186146\javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest Implementation-Vendor-Id org.glassfish Medium
Vendor manifest Bundle-Description Java(TM) Common Annotations 1.2 API Design Specification Medium
Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest
Vendor pom name ${extension.name} API High
Vendor Manifest extension-name javax.annotation Medium
Vendor pom parent-artifactid jvnet-parent Low
Vendor pom description Common Annotations for the JavaTM Platform API Medium
Vendor central groupid javax.annotation Highest
Vendor pom groupid javax.annotation Highest
Vendor gradle groupid javax.annotation Highest
Vendor Manifest specification-vendor Oracle Corporation Low
Vendor file name javax.annotation-api High
Vendor pom artifactid javax.annotation-api Low
Vendor Manifest bundle-symbolicname javax.annotation-api Medium
Vendor Manifest Implementation-Vendor GlassFish Community High
Vendor pom organization url https://glassfish.java.net Medium
Vendor pom organization name GlassFish Community High
Vendor pom parent-groupid net.java Medium
Vendor Manifest bundle-docurl https://glassfish.java.net Low
Product manifest Bundle-Description Java(TM) Common Annotations 1.2 API Design Specification Medium
Product pom name ${extension.name} API High
Product Manifest extension-name javax.annotation Medium
Product gradle artifactid javax.annotation-api Highest
Product pom description Common Annotations for the JavaTM Platform API Medium
Product Manifest Bundle-Name javax.annotation API Medium
Product pom groupid javax.annotation Low
Product central artifactid javax.annotation-api Highest
Product pom parent-groupid net.java Low
Product file name javax.annotation-api High
Product pom organization name GlassFish Community Low
Product Manifest bundle-symbolicname javax.annotation-api Medium
Product pom url http://jcp.org/en/jsr/detail?id=250 Medium
Product pom parent-artifactid jvnet-parent Medium
Product pom artifactid javax.annotation-api Highest
Product pom organization url https://glassfish.java.net Low
Product Manifest bundle-docurl https://glassfish.java.net Low
Version central version 1.2 Highest
Version file version 1.2 Highest
Version pom version 1.2 Highest
Version Manifest Implementation-Version 1.2 High
c3p0-0.9.1.1.jar
Description:
c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources,
including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension.
License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\c3p0\c3p0\0.9.1.1\302704f30c6e7abb7a0457f7771739e03c973e80\c3p0-0.9.1.1.jar
MD5: 640c58226e7bb6beacc8ac3f6bb533d1
SHA1: 302704f30c6e7abb7a0457f7771739e03c973e80
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name v2 Low
Vendor file name c3p0 High
Vendor Manifest Implementation-Vendor-Id com.mchange Medium
Vendor jar package name mchange Low
Vendor gradle groupid c3p0 Highest
Vendor Manifest specification-vendor Machinery For Change, Inc. Low
Vendor pom name c3p0:JDBC DataSources/Resource Pools High
Vendor central groupid c3p0 Highest
Vendor Manifest Implementation-Vendor Machinery For Change, Inc. High
Vendor Manifest extension-name com.mchange.v2.c3p0 Medium
Vendor pom url http://c3p0.sourceforge.net Highest
Vendor pom artifactid c3p0 Low
Vendor pom description c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Low
Vendor pom groupid c3p0 Highest
Product jar package name v2 Low
Product file name c3p0 High
Product gradle artifactid c3p0 Highest
Product pom artifactid c3p0 Highest
Product Manifest extension-name com.mchange.v2.c3p0 Medium
Product pom groupid c3p0 Low
Product pom url http://c3p0.sourceforge.net Medium
Product central artifactid c3p0 Highest
Product pom name c3p0:JDBC DataSources/Resource Pools High
Product pom description c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Low
Version pom version 0.9.1.1 Highest
Version Manifest Implementation-Version 0.9.1.1 High
Version file version 0.9.1.1 Highest
Version central version 0.9.1.1 Highest
batik-constants-1.9.jar
Description: Batik constants library
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-constants\1.9\24cae622672dedddd18951b193a83c12bfe33241\batik-constants-1.9.jar
MD5: 7df1523bd6e051d785cff2b8c7ef1d8f
SHA1: 24cae622672dedddd18951b193a83c12bfe33241
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor file name batik-constants High
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor pom artifactid batik-constants Low
Vendor jar package name util Low
Vendor jar package name batik Low
Vendor pom description Batik constants library Medium
Product jar package name xmlconstants Low
Product pom parent-groupid org.apache.xmlgraphics Low
Product gradle artifactid batik-constants Highest
Product file name batik-constants High
Product pom name org.apache.xmlgraphics:batik High
Product pom parent-artifactid batik Medium
Product jar package name util Low
Product central artifactid batik-constants Highest
Product jar package name batik Low
Product pom artifactid batik-constants Highest
Product pom groupid apache.xmlgraphics Low
Product pom description Batik constants library Medium
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
batik-i18n-1.9.jar
Description: Batik i18n library
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-i18n\1.9\c83bf01767ec26ad24df7277d2dc845c3f4fe0f2\batik-i18n-1.9.jar
MD5: b041c490132ce981ebaf9d037c57f531
SHA1: c83bf01767ec26ad24df7277d2dc845c3f4fe0f2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom description Batik i18n library Medium
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor file name batik-i18n High
Vendor pom artifactid batik-i18n Low
Vendor jar package name batik Low
Vendor jar package name i18n Low
Product central artifactid batik-i18n Highest
Product pom name org.apache.xmlgraphics:batik High
Product gradle artifactid batik-i18n Highest
Product pom artifactid batik-i18n Highest
Product pom parent-artifactid batik Medium
Product file name batik-i18n High
Product pom description Batik i18n library Medium
Product jar package name batik Low
Product jar package name i18n Low
Product pom parent-groupid org.apache.xmlgraphics Low
Product pom groupid apache.xmlgraphics Low
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
org.eclipse.core.expressions-3.4.500.v20130515-1343.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.expressions\3.4.500.v20130515-1343\97cc20cce87af191fc620562ab74b1cde95947fd\org.eclipse.core.expressions-3.4.500.v20130515-1343.jar
MD5: 20da519a750933fa70944f49f2cc8ffd
SHA1: 97cc20cce87af191fc620562ab74b1cde95947fd
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.eclipse.core.expressions; singleton:=true Medium
Vendor pom artifactid eclipse.core.expressions Low
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.3.0,4.0.0)" Low
Vendor pom name org.eclipse.core.expressions_3.4.500.v20130515-1343.jar High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor file name org.eclipse.core.expressions High
Vendor jar package name core Low
Vendor jar package name internal Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4,CDC-1.0/Foundation-1.0,J2SE-1.3 Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name eclipse Low
Product Manifest bundle-symbolicname org.eclipse.core.expressions; singleton:=true Medium
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.3.0,4.0.0)" Low
Product pom name org.eclipse.core.expressions_3.4.500.v20130515-1343.jar High
Product pom description A component of the BIRT runtime Medium
Product central artifactid org.eclipse.core.expressions Highest
Product file name org.eclipse.core.expressions High
Product pom artifactid eclipse.core.expressions Highest
Product jar package name expressions Low
Product jar package name core Low
Product jar package name internal Low
Product gradle artifactid org.eclipse.core.expressions Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4,CDC-1.0/Foundation-1.0,J2SE-1.3 Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest Bundle-Name %pluginName Medium
Version file version 3.4.500.v20130515 Highest
Version gradle version 3.4.500.v20130515-1343 Highest
Version Manifest Bundle-Version 3.4.500.v20130515-1343 High
Version file name org.eclipse.core.expressions Medium
Version pom version 3.4.500.v20130515-1343 Highest
Version central version 3.4.500.v20130515-1343 Highest
org.eclipse.emf.ecore.xmi-2.10.1.v20140901-1043.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.ecore.xmi\2.10.1.v20140901-1043\2a524cbae6c0ad0410c89270eb928ad90f75c95e\org.eclipse.emf.ecore.xmi-2.10.1.v20140901-1043.jar
MD5: 47a6f6ebfb8ae5ed9c82360f8d670683
SHA1: 2a524cbae6c0ad0410c89270eb928ad90f75c95e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name ecore Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest require-bundle org.eclipse.core.runtime;resolution:="optional";x-installation:="greedy";bundle-version="[3.5.0,4.0.0)",org.eclipse.emf.ecore;visibility:="reexport";bundle-version="[2.10.0,3.0.0)" Low
Vendor jar package name emf Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom name org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar High
Vendor file name org.eclipse.emf.ecore.xmi High
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.emf.ecore.xmi; singleton:=true Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom artifactid eclipse.emf.ecore.xmi Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name eclipse Low
Product jar package name ecore Low
Product pom artifactid eclipse.emf.ecore.xmi Highest
Product Manifest require-bundle org.eclipse.core.runtime;resolution:="optional";x-installation:="greedy";bundle-version="[3.5.0,4.0.0)",org.eclipse.emf.ecore;visibility:="reexport";bundle-version="[2.10.0,3.0.0)" Low
Product jar package name emf Low
Product pom description A component of the BIRT runtime Medium
Product pom name org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar High
Product file name org.eclipse.emf.ecore.xmi High
Product Manifest bundle-symbolicname org.eclipse.emf.ecore.xmi; singleton:=true Medium
Product gradle artifactid org.eclipse.emf.ecore.xmi Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product jar package name xmi Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product central artifactid org.eclipse.emf.ecore.xmi Highest
Product pom groupid eclipse.birt.runtime Low
Product Manifest Bundle-Name %pluginName Medium
Version Manifest Bundle-Version 2.10.1.v20140901-1043 High
Version file version 2.10.1.v20140901 Highest
Version gradle version 2.10.1.v20140901-1043 Highest
Version pom version 2.10.1.v20140901-1043 Highest
Version file name org.eclipse.emf.ecore.xmi Medium
Version central version 2.10.1.v20140901-1043 Highest
org.eclipse.datatools.connectivity.oda.design-3.3.6.v201212070447.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.design\3.3.6.v201212070447\bce1829458bb7c58200cb72c045d48e82702d0a8\org.eclipse.datatools.connectivity.oda.design-3.3.6.v201212070447.jar
MD5: adda38edf0bc609098de5f74d24de2e3
SHA1: bce1829458bb7c58200cb72c045d48e82702d0a8
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name org.eclipse.datatools.connectivity.oda.design High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity.oda.design; singleton:=true Medium
Vendor pom name org.eclipse.datatools.connectivity.oda.design_3.3.6.v201212070447.jar High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor jar package name connectivity Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.4.0,4.0.0)",org.eclipse.emf.ecore;bundle-version="[2.4.0,3.0.0)";visibility:=reexport,org.eclipse.emf.ecore.xmi;bundle-version="[2.4.0,3.0.0)";visibility:=reexport,com.ibm.icu;bundle-version="3.4.4";visibility:=reexport Low
Vendor jar package name datatools Low
Vendor pom artifactid eclipse.datatools.connectivity.oda.design Low
Vendor jar package name eclipse Low
Product central artifactid org.eclipse.datatools.connectivity.oda.design Highest
Product jar package name oda Low
Product file name org.eclipse.datatools.connectivity.oda.design High
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity.oda.design; singleton:=true Medium
Product pom name org.eclipse.datatools.connectivity.oda.design_3.3.6.v201212070447.jar High
Product pom artifactid eclipse.datatools.connectivity.oda.design Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name connectivity Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product gradle artifactid org.eclipse.datatools.connectivity.oda.design Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.4.0,4.0.0)",org.eclipse.emf.ecore;bundle-version="[2.4.0,3.0.0)";visibility:=reexport,org.eclipse.emf.ecore.xmi;bundle-version="[2.4.0,3.0.0)";visibility:=reexport,com.ibm.icu;bundle-version="3.4.4";visibility:=reexport Low
Product jar package name datatools Low
Product Manifest Bundle-Name %pluginName Medium
Version Manifest Bundle-Version 3.3.6.v201212070447 High
Version central version 3.3.6.v201212070447 Highest
Version file name org.eclipse.datatools.connectivity.oda.design Medium
Version file version 3.3.6.v20121207 Highest
Version pom version 3.3.6.v201212070447 Highest
Version gradle version 3.3.6.v201212070447 Highest
org.eclipse.datatools.enablement.oda.xml-1.2.5.v201305031101.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oda.xml\1.2.5.v201305031101\b5be50518c251d4c022959aeb6f871d6fea33fcc\org.eclipse.datatools.enablement.oda.xml-1.2.5.v201305031101.jar
MD5: 58849f828c50fff8ef3e9be4ac636508
SHA1: b5be50518c251d4c022959aeb6f871d6fea33fcc
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name org.eclipse.datatools.enablement.oda.xml High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom name org.eclipse.datatools.enablement.oda.xml_1.2.5.v201305031101.jar High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name enablement Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.oda.xml;singleton:=true Medium
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity.oda;bundle-version="[3.2.0,4.0.0)",org.apache.xerces;bundle-version="[2.8.0,3.0.0)",org.eclipse.datatools.connectivity.oda.profile;bundle-version="[3.0.7,4.0.0)";resolution:=optional Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.datatools.enablement.oda.xml Low
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product gradle artifactid org.eclipse.datatools.enablement.oda.xml Highest
Product jar package name oda Low
Product pom artifactid eclipse.datatools.enablement.oda.xml Highest
Product file name org.eclipse.datatools.enablement.oda.xml High
Product pom name org.eclipse.datatools.enablement.oda.xml_1.2.5.v201305031101.jar High
Product pom description A component of the BIRT runtime Medium
Product jar package name enablement Low
Product central artifactid org.eclipse.datatools.enablement.oda.xml Highest
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.oda.xml;singleton:=true Medium
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity.oda;bundle-version="[3.2.0,4.0.0)",org.apache.xerces;bundle-version="[2.8.0,3.0.0)",org.eclipse.datatools.connectivity.oda.profile;bundle-version="[3.0.7,4.0.0)";resolution:=optional Low
Product Manifest Bundle-Name %plugin.name Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Version gradle version 1.2.5.v201305031101 Highest
Version file version 1.2.5.v20130503 Highest
Version Manifest Bundle-Version 1.2.5.v201305031101 High
Version pom version 1.2.5.v201305031101 Highest
Version file name org.eclipse.datatools.enablement.oda.xml Medium
Version central version 1.2.5.v201305031101 Highest
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.datatools.enablement.oda.ws-1.2.6.v201403131825.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oda.ws\1.2.6.v201403131825\cc7814580f2fb5890c54681fec0f98b3e1386b51\org.eclipse.datatools.enablement.oda.ws-1.2.6.v201403131825.jar
MD5: f38bc06778ddbd8297a522d6907f780b
SHA1: cc7814580f2fb5890c54681fec0f98b3e1386b51
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid eclipse.datatools.enablement.oda.ws Low
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity.oda;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity.oda.profile;bundle-version="[3.0.7,4.0.0)";resolution:=optional,org.eclipse.datatools.enablement.oda.xml;bundle-version="[1.2.0,2.0.0)",javax.wsdl;bundle-version="[1.5.0,1.6.0)",org.apache.xerces;bundle-version="[2.8.0,3.0.0)";resolution:=optional Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name enablement Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor file name org.eclipse.datatools.enablement.oda.ws High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.oda.ws; singleton:=true Medium
Vendor jar package name eclipse Low
Vendor pom name org.eclipse.datatools.enablement.oda.ws_1.2.6.v201403131825.jar High
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity.oda;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity.oda.profile;bundle-version="[3.0.7,4.0.0)";resolution:=optional,org.eclipse.datatools.enablement.oda.xml;bundle-version="[1.2.0,2.0.0)",javax.wsdl;bundle-version="[1.5.0,1.6.0)",org.apache.xerces;bundle-version="[2.8.0,3.0.0)";resolution:=optional Low
Product jar package name oda Low
Product central artifactid org.eclipse.datatools.enablement.oda.ws Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name enablement Low
Product pom artifactid eclipse.datatools.enablement.oda.ws Highest
Product gradle artifactid org.eclipse.datatools.enablement.oda.ws Highest
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product Manifest Bundle-Name %plugin.name Medium
Product file name org.eclipse.datatools.enablement.oda.ws High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.oda.ws; singleton:=true Medium
Product pom name org.eclipse.datatools.enablement.oda.ws_1.2.6.v201403131825.jar High
Version file name org.eclipse.datatools.enablement.oda.ws Medium
Version central version 1.2.6.v201403131825 Highest
Version file version 1.2.6.v20140313 Highest
Version pom version 1.2.6.v201403131825 Highest
Version gradle version 1.2.6.v201403131825 Highest
Version Manifest Bundle-Version 1.2.6.v201403131825 High
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.core.runtime-3.9.0.v20130326-1255.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.runtime\3.9.0.v20130326-1255\47eedfa6e872020604db4b2e1949aa6ca273ac6a\org.eclipse.core.runtime-3.9.0.v20130326-1255.jar
MD5: 0dde7c81b2e6278cdd4a4b4821a54419
SHA1: 47eedfa6e872020604db4b2e1949aa6ca273ac6a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest require-bundle org.eclipse.osgi;bundle-version="[3.7.0,4.0.0)";visibility:=reexport,org.eclipse.equinox.common;bundle-version="[3.6.100,4.0.0)";visibility:=reexport,org.eclipse.core.jobs;bundle-version="[3.2.0,4.0.0)";visibility:=reexport,org.eclipse.equinox.registry;bundle-version="[3.4.0,4.0.0)";visibility:=reexport,org.eclipse.equinox.preferences;bundle-version="[3.4.0,4.0.0)";visibility:=reexport,org.eclipse.core.contenttype;bundle-version="[3.3.0,4.0.0)";visibility:=reexport,org.eclipse.core.runtime.compatibility.auth;bundle-version="[3.2.0,4.0.0)";resolution:=optional,org.eclipse.equinox.app;bundle-version="1.0.0";visibility:=reexport Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.core.runtime Low
Vendor file name org.eclipse.core.runtime High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor jar package name runtime Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor jar package name core Low
Vendor pom name org.eclipse.core.runtime_3.9.0.v20130326-1255.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.core.runtime; singleton:=true Medium
Vendor jar package name eclipse Low
Product Manifest require-bundle org.eclipse.osgi;bundle-version="[3.7.0,4.0.0)";visibility:=reexport,org.eclipse.equinox.common;bundle-version="[3.6.100,4.0.0)";visibility:=reexport,org.eclipse.core.jobs;bundle-version="[3.2.0,4.0.0)";visibility:=reexport,org.eclipse.equinox.registry;bundle-version="[3.4.0,4.0.0)";visibility:=reexport,org.eclipse.equinox.preferences;bundle-version="[3.4.0,4.0.0)";visibility:=reexport,org.eclipse.core.contenttype;bundle-version="[3.3.0,4.0.0)";visibility:=reexport,org.eclipse.core.runtime.compatibility.auth;bundle-version="[3.2.0,4.0.0)";resolution:=optional,org.eclipse.equinox.app;bundle-version="1.0.0";visibility:=reexport Low
Product gradle artifactid org.eclipse.core.runtime Highest
Product file name org.eclipse.core.runtime High
Product pom description A component of the BIRT runtime Medium
Product jar package name runtime Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product jar package name core Low
Product central artifactid org.eclipse.core.runtime Highest
Product pom name org.eclipse.core.runtime_3.9.0.v20130326-1255.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest bundle-symbolicname org.eclipse.core.runtime; singleton:=true Medium
Product pom artifactid eclipse.core.runtime Highest
Product Manifest Bundle-Name %pluginName Medium
Version file name org.eclipse.core.runtime Medium
Version gradle version 3.9.0.v20130326-1255 Highest
Version Manifest Bundle-Version 3.9.0.v20130326-1255 High
Version pom version 3.9.0.v20130326-1255 Highest
Version central version 3.9.0.v20130326-1255 Highest
Version file version 3.9.0.v20130326 Highest
org.eclipse.equinox.app-1.3.100.v20130327-1442.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.app\1.3.100.v20130327-1442\cfe0deab8c3c4f4caea3767bc8bbaa4789b8f782\org.eclipse.equinox.app-1.3.100.v20130327-1442.jar
MD5: 2f4d4cc26c71bd7383fd9b7762ed57ae
SHA1: cfe0deab8c3c4f4caea3767bc8bbaa4789b8f782
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor Manifest comment-dynamicimport this is only used to allow late binding of the package Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest require-bundle org.eclipse.equinox.registry;bundle-version="[3.4.0,4.0.0)",org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)" Low
Vendor Manifest bundle-requiredexecutionenvironment OSGi/Minimum-1.2,CDC-1.1/Foundation-1.1,J2SE-1.4 Low
Vendor Manifest comment-header Both Eclipse-LazyStart and Bundle-ActivationPolicy are specified for compatibility with 3.2 Low
Vendor pom name org.eclipse.equinox.app_1.3.100.v20130327-1442.jar High
Vendor file name org.eclipse.equinox.app High
Vendor jar package name internal Low
Vendor pom artifactid eclipse.equinox.app Low
Vendor Manifest bundle-symbolicname org.eclipse.equinox.app; singleton:=true Medium
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name equinox Low
Vendor jar package name eclipse Low
Product pom artifactid eclipse.equinox.app Highest
Product gradle artifactid org.eclipse.equinox.app Highest
Product pom description A component of the BIRT runtime Medium
Product Manifest comment-dynamicimport this is only used to allow late binding of the package Low
Product Manifest require-bundle org.eclipse.equinox.registry;bundle-version="[3.4.0,4.0.0)",org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)" Low
Product Manifest bundle-requiredexecutionenvironment OSGi/Minimum-1.2,CDC-1.1/Foundation-1.1,J2SE-1.4 Low
Product Manifest comment-header Both Eclipse-LazyStart and Bundle-ActivationPolicy are specified for compatibility with 3.2 Low
Product jar package name app Low
Product pom name org.eclipse.equinox.app_1.3.100.v20130327-1442.jar High
Product central artifactid org.eclipse.equinox.app Highest
Product file name org.eclipse.equinox.app High
Product jar package name internal Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest bundle-symbolicname org.eclipse.equinox.app; singleton:=true Medium
Product jar package name equinox Low
Product Manifest Bundle-Name %pluginName Medium
Version pom version 1.3.100.v20130327-1442 Highest
Version gradle version 1.3.100.v20130327-1442 Highest
Version file name org.eclipse.equinox.app Medium
Version Manifest comment-header 3.2 Low
Version file version 1.3.100.v20130327 Highest
Version Manifest Bundle-Version 1.3.100.v20130327-1442 High
Version central version 1.3.100.v20130327-1442 Highest
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
com.ibm.icu-50.1.1.v201304230130.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\com.ibm.icu\50.1.1.v201304230130\ff82137ba65f8676355452edc0ca57975d1b69f4\com.ibm.icu-50.1.1.v201304230130.jar
MD5: cc9d48d40fd8c18a2c4603e8403d6df6
SHA1: ff82137ba65f8676355452edc0ca57975d1b69f4
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid ibm.icu Low
Vendor jar package name ibm Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-copyright Licensed Materials - Property of IBM (C) Copyright IBM Corp. 2000, 2012. All Rights Reserved. IBM is a registered trademark of IBM Corp. Low
Vendor jar package name icu Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor pom name com.ibm.icu_50.1.1.v201304230130.jar High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor file name com.ibm.icu High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname com.ibm.icu;singleton:=true Medium
Product gradle artifactid com.ibm.icu Highest
Product Manifest bundle-copyright Licensed Materials - Property of IBM (C) Copyright IBM Corp. 2000, 2012. All Rights Reserved. IBM is a registered trademark of IBM Corp. Low
Product jar package name icu Low
Product pom description A component of the BIRT runtime Medium
Product pom name com.ibm.icu_50.1.1.v201304230130.jar High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product file name com.ibm.icu High
Product central artifactid com.ibm.icu Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product pom artifactid ibm.icu Highest
Product Manifest bundle-symbolicname com.ibm.icu;singleton:=true Medium
Product Manifest Bundle-Name %pluginName Medium
Version central version 50.1.1.v201304230130 Highest
Version pom version 50.1.1.v201304230130 Highest
Version Manifest bundle-copyright 2012. Low
Version gradle version 50.1.1.v201304230130 Highest
Version Manifest Bundle-Version 50.1.1.v201304230130 High
Version file name com.ibm.icu Medium
Version file version 50.1.1.v20130423 Highest
org.eclipse.equinox.registry-3.5.400.v20140428-1507.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.registry\3.5.400.v20140428-1507\897775850f15e1595464bbff11562583b8132499\org.eclipse.equinox.registry-3.5.400.v20140428-1507.jar
MD5: b31d9c600f764fdcafacdef1ba72cb91
SHA1: 897775850f15e1595464bbff11562583b8132499
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar High
Vendor file name org.eclipse.equinox.registry High
Vendor Manifest bundle-requiredexecutionenvironment CDC-1.1/Foundation-1.1,J2SE-1.4 Low
Vendor Manifest require-bundle org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)" Low
Vendor Manifest bundle-symbolicname org.eclipse.equinox.registry;singleton:=true Medium
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest comment-header Both Eclipse-LazyStart and Bundle-ActivationPolicy are specified for compatibility with 3.2 Low
Vendor jar package name core Low
Vendor jar package name internal Low
Vendor pom artifactid eclipse.equinox.registry Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name eclipse Low
Product pom name org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar High
Product file name org.eclipse.equinox.registry High
Product Manifest bundle-requiredexecutionenvironment CDC-1.1/Foundation-1.1,J2SE-1.4 Low
Product pom artifactid eclipse.equinox.registry Highest
Product Manifest require-bundle org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)" Low
Product Manifest bundle-symbolicname org.eclipse.equinox.registry;singleton:=true Medium
Product jar package name registry Low
Product central artifactid org.eclipse.equinox.registry Highest
Product pom description A component of the BIRT runtime Medium
Product Manifest comment-header Both Eclipse-LazyStart and Bundle-ActivationPolicy are specified for compatibility with 3.2 Low
Product jar package name core Low
Product jar package name internal Low
Product gradle artifactid org.eclipse.equinox.registry Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest Bundle-Name %pluginName Medium
Version file name org.eclipse.equinox.registry Medium
Version Manifest comment-header 3.2 Low
Version gradle version 3.5.400.v20140428-1507 Highest
Version file version 3.5.400.v20140428 Highest
Version Manifest Bundle-Version 3.5.400.v20140428-1507 High
Version pom version 3.5.400.v20140428-1507 Highest
Version central version 3.5.400.v20140428-1507 Highest
org.eclipse.datatools.connectivity.dbdefinition.genericJDBC-1.0.1.v201107221459.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.dbdefinition.genericJDBC\1.0.1.v201107221459\1ee4dc13d331d13f2be2f1cb1b62b789c25db9cc\org.eclipse.datatools.connectivity.dbdefinition.genericJDBC-1.0.1.v201107221459.jar
MD5: 6fdf12a21f1fed08aa2588709699aba1
SHA1: 1ee4dc13d331d13f2be2f1cb1b62b789c25db9cc
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name org.eclipse.datatools.connectivity.dbdefinition.genericJDBC_1.0.1.v201107221459.jar High
Vendor pom artifactid eclipse.datatools.connectivity.dbdefinition.genericJDBC Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor file name org.eclipse.datatools.connectivity.dbdefinition.genericJDBC High
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity.dbdefinition.genericJDBC; singleton:=true Medium
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Product pom name org.eclipse.datatools.connectivity.dbdefinition.genericJDBC_1.0.1.v201107221459.jar High
Product gradle artifactid org.eclipse.datatools.connectivity.dbdefinition.genericJDBC Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product file name org.eclipse.datatools.connectivity.dbdefinition.genericJDBC High
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity.dbdefinition.genericJDBC; singleton:=true Medium
Product pom groupid eclipse.birt.runtime Low
Product pom description A component of the BIRT runtime Medium
Product pom artifactid eclipse.datatools.connectivity.dbdefinition.genericJDBC Highest
Product Manifest Bundle-Name %pluginName Medium
Product central artifactid org.eclipse.datatools.connectivity.dbdefinition.genericJDBC Highest
Version file name org.eclipse.datatools.connectivity.dbdefinition.genericJDBC Medium
Version central version 1.0.1.v201107221459 Highest
Version pom version 1.0.1.v201107221459 Highest
Version gradle version 1.0.1.v201107221459 Highest
Version file version 1.0.1.v20110722 Highest
Version Manifest Bundle-Version 1.0.1.v201107221459 High
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.osgi-3.10.1.v20140909-1633.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.osgi\3.10.1.v20140909-1633\e6a47e8e3edaf8b3cf74a1d5540a9c91369fb28a\org.eclipse.osgi-3.10.1.v20140909-1633.jar
MD5: 07e3c874013c7228107c5e0f61a942f5
SHA1: e6a47e8e3edaf8b3cf74a1d5540a9c91369fb28a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name org.eclipse.osgi_3.10.1.v20140909-1633.jar High
Vendor manifest Bundle-Description %systemBundle Medium
Vendor jar package name osgi Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-docurl http://www.eclipse.org Low
Vendor Manifest commentout-require-capability osgi.ee; filter:="(| (&(osgi.ee=JavaSE)(version=1.6)) (&(osgi.ee=JavaSE/compact1)(version=1.8)) )" Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-copyright %copyright Low
Vendor file name org.eclipse.osgi High
Vendor pom artifactid eclipse.osgi Low
Vendor Manifest bundle-symbolicname org.eclipse.osgi; singleton:=true Medium
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name eclipse Low
Product pom name org.eclipse.osgi_3.10.1.v20140909-1633.jar High
Product manifest Bundle-Description %systemBundle Medium
Product jar package name osgi Low
Product Manifest bundle-docurl http://www.eclipse.org Low
Product pom artifactid eclipse.osgi Highest
Product Manifest commentout-require-capability osgi.ee; filter:="(| (&(osgi.ee=JavaSE)(version=1.6)) (&(osgi.ee=JavaSE/compact1)(version=1.8)) )" Low
Product central artifactid org.eclipse.osgi Highest
Product pom description A component of the BIRT runtime Medium
Product gradle artifactid org.eclipse.osgi Highest
Product Manifest bundle-copyright %copyright Low
Product file name org.eclipse.osgi High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product Manifest bundle-symbolicname org.eclipse.osgi; singleton:=true Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest Bundle-Name %systemBundle Medium
Version gradle version 3.10.1.v20140909-1633 Highest
Version Manifest Bundle-Version 3.10.1.v20140909-1633 High
Version file name org.eclipse.osgi Medium
Version file version 3.10.1.v20140909 Highest
Version pom version 3.10.1.v20140909-1633 Highest
Version central version 3.10.1.v20140909-1633 Highest
org.eclipse.emf.common-2.10.1.v20140901-1043.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.common\2.10.1.v20140901-1043\4a9dbfa87401190c710c16dcbbc7a2ea7cc3ff70\org.eclipse.emf.common-2.10.1.v20140901-1043.jar
MD5: df980d426f472a019fe8c58f1f420a0b
SHA1: 4a9dbfa87401190c710c16dcbbc7a2ea7cc3ff70
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid eclipse.emf.common Low
Vendor Manifest bundle-symbolicname org.eclipse.emf.common;singleton:=true Medium
Vendor file name org.eclipse.emf.common High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor jar package name emf Low
Vendor pom name org.eclipse.emf.common_2.10.1.v20140901-1043.jar High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor jar package name common Low
Vendor Manifest require-bundle org.eclipse.core.runtime;resolution:="optional";x-installation:="greedy";bundle-version="[3.5.0,4.0.0)" Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name eclipse Low
Product gradle artifactid org.eclipse.emf.common Highest
Product Manifest bundle-symbolicname org.eclipse.emf.common;singleton:=true Medium
Product file name org.eclipse.emf.common High
Product jar package name emf Low
Product pom name org.eclipse.emf.common_2.10.1.v20140901-1043.jar High
Product pom description A component of the BIRT runtime Medium
Product central artifactid org.eclipse.emf.common Highest
Product pom artifactid eclipse.emf.common Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product jar package name util Low
Product jar package name common Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product Manifest require-bundle org.eclipse.core.runtime;resolution:="optional";x-installation:="greedy";bundle-version="[3.5.0,4.0.0)" Low
Product pom groupid eclipse.birt.runtime Low
Product Manifest Bundle-Name %pluginName Medium
Version Manifest Bundle-Version 2.10.1.v20140901-1043 High
Version file version 2.10.1.v20140901 Highest
Version gradle version 2.10.1.v20140901-1043 Highest
Version file name org.eclipse.emf.common Medium
Version pom version 2.10.1.v20140901-1043 Highest
Version central version 2.10.1.v20140901-1043 Highest
org.eclipse.datatools.connectivity.sqm.core-1.2.8.v201401230755.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.sqm.core\1.2.8.v201401230755\c0d3d79971a815a4db6c5b009ada4f0f1f44e043\org.eclipse.datatools.connectivity.sqm.core-1.2.8.v201401230755.jar
MD5: 95679c586bf2429199ee06a9ad56a618
SHA1: c0d3d79971a815a4db6c5b009ada4f0f1f44e043
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity.sqm.core; singleton:=true Medium
Vendor pom name org.eclipse.datatools.connectivity.sqm.core_1.2.8.v201401230755.jar High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor jar package name connectivity Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor Manifest require-bundle org.eclipse.core.resources;bundle-version="[3.2.0,4.0.0)",org.eclipse.emf.ecore.change;bundle-version="[2.2.0,3.0.0)",org.eclipse.emf.ecore.xmi;bundle-version="[2.2.0,3.0.0)",org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.modelbase.dbdefinition;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.connectivity;bundle-version="[1.2.3,2.0.0)" Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor file name org.eclipse.datatools.connectivity.sqm.core High
Vendor jar package name eclipse Low
Vendor pom artifactid eclipse.datatools.connectivity.sqm.core Low
Product pom artifactid eclipse.datatools.connectivity.sqm.core Highest
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity.sqm.core; singleton:=true Medium
Product pom name org.eclipse.datatools.connectivity.sqm.core_1.2.8.v201401230755.jar High
Product jar package name sqm Low
Product central artifactid org.eclipse.datatools.connectivity.sqm.core Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name connectivity Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product Manifest require-bundle org.eclipse.core.resources;bundle-version="[3.2.0,4.0.0)",org.eclipse.emf.ecore.change;bundle-version="[2.2.0,3.0.0)",org.eclipse.emf.ecore.xmi;bundle-version="[2.2.0,3.0.0)",org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.modelbase.dbdefinition;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.connectivity;bundle-version="[1.2.3,2.0.0)" Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product gradle artifactid org.eclipse.datatools.connectivity.sqm.core Highest
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Product file name org.eclipse.datatools.connectivity.sqm.core High
Product Manifest Bundle-Name %pluginName Medium
Version file name org.eclipse.datatools.connectivity.sqm.core Medium
Version central version 1.2.8.v201401230755 Highest
Version pom version 1.2.8.v201401230755 Highest
Version gradle version 1.2.8.v201401230755 Highest
Version file version 1.2.8.v20140123 Highest
Version Manifest Bundle-Version 1.2.8.v201401230755 High
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.datatools.connectivity.oda.consumer-3.2.6.v201305170644.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.consumer\3.2.6.v201305170644\45205c69d334dec54f76f8e2a5cacab8accde588\org.eclipse.datatools.connectivity.oda.consumer-3.2.6.v201305170644.jar
MD5: 600a4ccb15bfeb916a514d507e3f6c5d
SHA1: 45205c69d334dec54f76f8e2a5cacab8accde588
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name org.eclipse.datatools.connectivity.oda.consumer_3.2.6.v201305170644.jar High
Vendor file name org.eclipse.datatools.connectivity.oda.consumer High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity.oda;bundle-version="[3.4.0,4.0.0)";visibility:=reexport Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor jar package name connectivity Low
Vendor pom artifactid eclipse.datatools.connectivity.oda.consumer Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity.oda.consumer;singleton:=true Medium
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product pom artifactid eclipse.datatools.connectivity.oda.consumer Highest
Product pom name org.eclipse.datatools.connectivity.oda.consumer_3.2.6.v201305170644.jar High
Product file name org.eclipse.datatools.connectivity.oda.consumer High
Product jar package name oda Low
Product central artifactid org.eclipse.datatools.connectivity.oda.consumer Highest
Product gradle artifactid org.eclipse.datatools.connectivity.oda.consumer Highest
Product pom description A component of the BIRT runtime Medium
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity.oda;bundle-version="[3.4.0,4.0.0)";visibility:=reexport Low
Product jar package name connectivity Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity.oda.consumer;singleton:=true Medium
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest Bundle-Name DTP ODA Consumer Helper Component Plug-in Medium
Product jar package name datatools Low
Version file name org.eclipse.datatools.connectivity.oda.consumer Medium
Version gradle version 3.2.6.v201305170644 Highest
Version central version 3.2.6.v201305170644 Highest
Version Manifest Bundle-Version 3.2.6.v201305170644 High
Version pom version 3.2.6.v201305170644 Highest
Version file version 3.2.6.v20130517 Highest
org.eclipse.core.jobs-3.6.0.v20140424-0053.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.jobs\3.6.0.v20140424-0053\e013c919510607d9c8ac5585b66ff4ee5e364ec9\org.eclipse.core.jobs-3.6.0.v20140424-0053.jar
MD5: f9c929dce571e15fb713214d4f067470
SHA1: e013c919510607d9c8ac5585b66ff4ee5e364ec9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest require-bundle org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)" Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor file name org.eclipse.core.jobs High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor Manifest bundle-symbolicname org.eclipse.core.jobs; singleton:=true Medium
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor jar package name core Low
Vendor jar package name internal Low
Vendor pom name org.eclipse.core.jobs_3.6.0.v20140424-0053.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name eclipse Low
Vendor pom artifactid eclipse.core.jobs Low
Product Manifest require-bundle org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)" Low
Product file name org.eclipse.core.jobs High
Product pom description A component of the BIRT runtime Medium
Product Manifest bundle-symbolicname org.eclipse.core.jobs; singleton:=true Medium
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product pom artifactid eclipse.core.jobs Highest
Product jar package name core Low
Product jar package name internal Low
Product gradle artifactid org.eclipse.core.jobs Highest
Product pom name org.eclipse.core.jobs_3.6.0.v20140424-0053.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest Bundle-Name %pluginName Medium
Product jar package name jobs Low
Product central artifactid org.eclipse.core.jobs Highest
Version pom version 3.6.0.v20140424-0053 Highest
Version gradle version 3.6.0.v20140424-0053 Highest
Version file version 3.6.0.v20140424 Highest
Version file name org.eclipse.core.jobs Medium
Version Manifest Bundle-Version 3.6.0.v20140424-0053 High
Version central version 3.6.0.v20140424-0053 Highest
org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition-1.0.4.v201107221502.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition\1.0.4.v201107221502\7ba2ad3443244862426b20f2da73bb78c7223287\org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition-1.0.4.v201107221502.jar
MD5: a3575eef5353ab6e216804bb4b99d36e
SHA1: 7ba2ad3443244862426b20f2da73bb78c7223287
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid eclipse.datatools.enablement.ibm.db2.luw.dbdefinition Low
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition; singleton:=true Medium
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor file name org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition High
Vendor pom name org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition_1.0.4.v201107221502.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition; singleton:=true Medium
Product gradle artifactid org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition Highest
Product file name org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition High
Product pom name org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition_1.0.4.v201107221502.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product pom description A component of the BIRT runtime Medium
Product central artifactid org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition Highest
Product pom artifactid eclipse.datatools.enablement.ibm.db2.luw.dbdefinition Highest
Product Manifest Bundle-Name %pluginName Medium
Version central version 1.0.4.v201107221502 Highest
Version file version 1.0.4.v20110722 Highest
Version file name org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition Medium
Version pom version 1.0.4.v201107221502 Highest
Version gradle version 1.0.4.v201107221502 Highest
Version Manifest Bundle-Version 1.0.4.v201107221502 High
Published Vulnerabilities
CVE-2007-2582
Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow."
Vulnerable Software & Versions:
CVE-2007-3676
Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
Vulnerable Software & Versions:
CVE-2007-5090
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
Vulnerable Software & Versions:
CVE-2007-5652
Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
Vulnerable Software & Versions:
CVE-2008-0699
Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
Vulnerable Software & Versions:
CVE-2008-1998
Severity: High
CVSS Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
Vulnerable Software & Versions:
CVE-2008-3958
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959.
Vulnerable Software & Versions:
CVE-2008-3959
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.
Vulnerable Software & Versions:
CVE-2008-4691
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.
Vulnerable Software & Versions:
CVE-2008-4692
Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.
Vulnerable Software & Versions:
CVE-2008-4693
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."
Vulnerable Software & Versions:
CVE-2009-1239
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.
Vulnerable Software & Versions:
CVE-2009-1905
Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CWE: CWE-287 Improper Authentication
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
Vulnerable Software & Versions:
CVE-2009-2858
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
Vulnerable Software & Versions:
CVE-2009-2859
Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
Vulnerable Software & Versions:
CVE-2009-2860
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
Vulnerable Software & Versions:
CVE-2010-1560
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.
Vulnerable Software & Versions:
CVE-2011-0731
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
Vulnerable Software & Versions:
CVE-2011-0757
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.
Vulnerable Software & Versions:
CVE-2011-1373
Severity: Low
CVSS Score: 1.5 (AV:L/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
Vulnerable Software & Versions:
CVE-2011-1846
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.
Vulnerable Software & Versions:
CVE-2011-1847
Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:N/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.
Vulnerable Software & Versions:
CVE-2012-3324
Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
Vulnerable Software & Versions:
org.eclipse.osgi.services-3.3.100.v20130513-1956.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.osgi.services\3.3.100.v20130513-1956\1d73531fac5372870373a06193985611b1239f0c\org.eclipse.osgi.services-3.3.100.v20130513-1956.jar
MD5: 7f7d4198812b01cb7c5a26399af7706f
SHA1: 1d73531fac5372870373a06193985611b1239f0c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name org.eclipse.osgi.services High
Vendor jar package name osgi Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-docurl http://www.eclipse.org Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor manifest Bundle-Description %osgiServicesDes Medium
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment OSGi/Minimum-1.2,CDC-1.1/Foundation-1.1,J2SE-1.4 Low
Vendor jar package name service Low
Vendor pom name org.eclipse.osgi.services_3.3.100.v20130513-1956.jar High
Vendor pom artifactid eclipse.osgi.services Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.osgi.services Medium
Product gradle artifactid org.eclipse.osgi.services Highest
Product Manifest Bundle-Name %osgiServices Medium
Product file name org.eclipse.osgi.services High
Product Manifest bundle-docurl http://www.eclipse.org Low
Product pom artifactid eclipse.osgi.services Highest
Product central artifactid org.eclipse.osgi.services Highest
Product pom description A component of the BIRT runtime Medium
Product manifest Bundle-Description %osgiServicesDes Medium
Product Manifest bundle-requiredexecutionenvironment OSGi/Minimum-1.2,CDC-1.1/Foundation-1.1,J2SE-1.4 Low
Product jar package name service Low
Product pom name org.eclipse.osgi.services_3.3.100.v20130513-1956.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest bundle-symbolicname org.eclipse.osgi.services Medium
Version file version 3.3.100.v20130513 Highest
Version central version 3.3.100.v20130513-1956 Highest
Version pom version 3.3.100.v20130513-1956 Highest
Version file name org.eclipse.osgi.services Medium
Version gradle version 3.3.100.v20130513-1956 Highest
Version Manifest Bundle-Version 3.3.100.v20130513-1956 High
org.eclipse.core.contenttype-3.4.200.v20130326-1255.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.contenttype\3.4.200.v20130326-1255\9a032a98b4b139fa91522b10fdc61ffa9864414\org.eclipse.core.contenttype-3.4.200.v20130326-1255.jar
MD5: ae257d3da2fdc3bdd6391fdfcbe9f752
SHA1: 09a032a98b4b139fa91522b10fdc61ffa9864414
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest require-bundle org.eclipse.equinox.preferences;bundle-version="[3.2.0,4.0.0)",org.eclipse.equinox.registry;bundle-version="[3.2.0,4.0.0)",org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)" Low
Vendor file name org.eclipse.core.contenttype High
Vendor Manifest bundle-symbolicname org.eclipse.core.contenttype; singleton:=true Medium
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom name org.eclipse.core.contenttype_3.4.200.v20130326-1255.jar High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.core.contenttype Low
Vendor jar package name core Low
Vendor jar package name internal Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4,CDC-1.0/Foundation-1.0,J2SE-1.3 Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name eclipse Low
Product Manifest require-bundle org.eclipse.equinox.preferences;bundle-version="[3.2.0,4.0.0)",org.eclipse.equinox.registry;bundle-version="[3.2.0,4.0.0)",org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)" Low
Product gradle artifactid org.eclipse.core.contenttype Highest
Product file name org.eclipse.core.contenttype High
Product Manifest bundle-symbolicname org.eclipse.core.contenttype; singleton:=true Medium
Product jar package name content Low
Product pom name org.eclipse.core.contenttype_3.4.200.v20130326-1255.jar High
Product central artifactid org.eclipse.core.contenttype Highest
Product pom description A component of the BIRT runtime Medium
Product pom artifactid eclipse.core.contenttype Highest
Product jar package name core Low
Product jar package name internal Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4,CDC-1.0/Foundation-1.0,J2SE-1.3 Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest Bundle-Name %pluginName Medium
Version file version 3.4.200.v20130326 Highest
Version Manifest Bundle-Version 3.4.200.v20130326-1255 High
Version file name org.eclipse.core.contenttype Medium
Version gradle version 3.4.200.v20130326-1255 Highest
Version pom version 3.4.200.v20130326-1255 Highest
Version central version 3.4.200.v20130326-1255 Highest
org.eclipse.emf.ecore.change-2.10.0.v20140901-1043.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.ecore.change\2.10.0.v20140901-1043\c42c134004940345d45bf8367dae63c871a2420f\org.eclipse.emf.ecore.change-2.10.0.v20140901-1043.jar
MD5: 374a1da708946f84e519eeed88f7062b
SHA1: c42c134004940345d45bf8367dae63c871a2420f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name ecore Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom name org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar High
Vendor Manifest require-bundle org.eclipse.core.runtime;resolution:="optional";x-installation:="greedy";bundle-version="[3.5.0,4.0.0)",org.eclipse.emf.ecore;visibility:="reexport";bundle-version="[2.10.0,3.0.0)" Low
Vendor jar package name emf Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom artifactid eclipse.emf.ecore.change Low
Vendor file name org.eclipse.emf.ecore.change High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.emf.ecore.change;singleton:=true Medium
Vendor jar package name eclipse Low
Product central artifactid org.eclipse.emf.ecore.change Highest
Product jar package name ecore Low
Product pom name org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar High
Product jar package name change Low
Product pom artifactid eclipse.emf.ecore.change Highest
Product Manifest require-bundle org.eclipse.core.runtime;resolution:="optional";x-installation:="greedy";bundle-version="[3.5.0,4.0.0)",org.eclipse.emf.ecore;visibility:="reexport";bundle-version="[2.10.0,3.0.0)" Low
Product jar package name emf Low
Product pom description A component of the BIRT runtime Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product gradle artifactid org.eclipse.emf.ecore.change Highest
Product file name org.eclipse.emf.ecore.change High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest bundle-symbolicname org.eclipse.emf.ecore.change;singleton:=true Medium
Product Manifest Bundle-Name %pluginName Medium
Version Manifest Bundle-Version 2.10.0.v20140901-1043 High
Version file version 2.10.0.v20140901 Highest
Version pom version 2.10.0.v20140901-1043 Highest
Version file name org.eclipse.emf.ecore.change Medium
Version gradle version 2.10.0.v20140901-1043 Highest
Version central version 2.10.0.v20140901-1043 Highest
org.eclipse.datatools.connectivity.oda.profile-3.2.9.v201403131814.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.profile\3.2.9.v201403131814\2f795c899dac80982e95c9e2d5413ef88031cdab\org.eclipse.datatools.connectivity.oda.profile-3.2.9.v201403131814.jar
MD5: d6c9ad09ad88bc0daf6b3413d14d546b
SHA1: 2f795c899dac80982e95c9e2d5413ef88031cdab
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest require-bundle org.eclipse.datatools.connectivity;bundle-version="[1.2.2,2.0.0)";visibility:=reexport,org.eclipse.datatools.connectivity.oda.consumer;bundle-version="[3.2.5,4.0.0)",org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)" Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor pom name org.eclipse.datatools.connectivity.oda.profile_3.2.9.v201403131814.jar High
Vendor jar package name connectivity Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor file name org.eclipse.datatools.connectivity.oda.profile High
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity.oda.profile;singleton:=true Medium
Vendor pom artifactid eclipse.datatools.connectivity.oda.profile Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product jar package name oda Low
Product gradle artifactid org.eclipse.datatools.connectivity.oda.profile Highest
Product Manifest require-bundle org.eclipse.datatools.connectivity;bundle-version="[1.2.2,2.0.0)";visibility:=reexport,org.eclipse.datatools.connectivity.oda.consumer;bundle-version="[3.2.5,4.0.0)",org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)" Low
Product pom description A component of the BIRT runtime Medium
Product central artifactid org.eclipse.datatools.connectivity.oda.profile Highest
Product pom name org.eclipse.datatools.connectivity.oda.profile_3.2.9.v201403131814.jar High
Product jar package name connectivity Low
Product Manifest Bundle-Name %plugin.name Medium
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product file name org.eclipse.datatools.connectivity.oda.profile High
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity.oda.profile;singleton:=true Medium
Product pom artifactid eclipse.datatools.connectivity.oda.profile Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Version Manifest Bundle-Version 3.2.9.v201403131814 High
Version central version 3.2.9.v201403131814 Highest
Version file name org.eclipse.datatools.connectivity.oda.profile Medium
Version file version 3.2.9.v20140313 Highest
Version pom version 3.2.9.v201403131814 Highest
Version gradle version 3.2.9.v201403131814 Highest
org.eclipse.core.filesystem-1.4.0.v20130514-1240.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.filesystem\1.4.0.v20130514-1240\e26398a301d91db6516debe38664239481d4b309\org.eclipse.core.filesystem-1.4.0.v20130514-1240.jar
MD5: 7f664cc54d9bc005c089087c867e6899
SHA1: e26398a301d91db6516debe38664239481d4b309
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor file name org.eclipse.core.filesystem High
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Vendor jar package name core Low
Vendor jar package name internal Low
Vendor Manifest bundle-symbolicname org.eclipse.core.filesystem; singleton:=true Medium
Vendor pom artifactid eclipse.core.filesystem Low
Vendor pom name org.eclipse.core.filesystem_1.4.0.v20130514-1240.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor Manifest require-bundle org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)",org.eclipse.equinox.registry;bundle-version="[3.2.0,4.0.0)",org.eclipse.osgi;bundle-version="[3.2.0,4.0.0)" Low
Vendor jar package name eclipse Low
Product pom artifactid eclipse.core.filesystem Highest
Product pom description A component of the BIRT runtime Medium
Product file name org.eclipse.core.filesystem High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Product gradle artifactid org.eclipse.core.filesystem Highest
Product jar package name core Low
Product jar package name internal Low
Product jar package name filesystem Low
Product Manifest bundle-symbolicname org.eclipse.core.filesystem; singleton:=true Medium
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product central artifactid org.eclipse.core.filesystem Highest
Product pom groupid eclipse.birt.runtime Low
Product pom name org.eclipse.core.filesystem_1.4.0.v20130514-1240.jar High
Product Manifest require-bundle org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)",org.eclipse.equinox.registry;bundle-version="[3.2.0,4.0.0)",org.eclipse.osgi;bundle-version="[3.2.0,4.0.0)" Low
Product Manifest Bundle-Name %pluginName Medium
Version central version 1.4.0.v20130514-1240 Highest
Version file name org.eclipse.core.filesystem Medium
Version pom version 1.4.0.v20130514-1240 Highest
Version gradle version 1.4.0.v20130514-1240 Highest
Version Manifest Bundle-Version 1.4.0.v20130514-1240 High
Version file version 1.4.0.v20130514 Highest
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
org.eclipse.datatools.connectivity-1.2.11.v201401230755.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity\1.2.11.v201401230755\2e2f258cf40953e97423343786eed44aaef5e207\org.eclipse.datatools.connectivity-1.2.11.v201401230755.jar
MD5: c8631d909028582b83a8df2e9691c6b9
SHA1: 2e2f258cf40953e97423343786eed44aaef5e207
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity; singleton:=true Medium
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.core.resources;bundle-version="[3.2.0,4.0.0)" Low
Vendor pom name org.eclipse.datatools.connectivity_1.2.11.v201401230755.jar High
Vendor file name org.eclipse.datatools.connectivity High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.datatools.connectivity Low
Vendor jar package name connectivity Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity; singleton:=true Medium
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.core.resources;bundle-version="[3.2.0,4.0.0)" Low
Product pom name org.eclipse.datatools.connectivity_1.2.11.v201401230755.jar High
Product file name org.eclipse.datatools.connectivity High
Product pom description A component of the BIRT runtime Medium
Product gradle artifactid org.eclipse.datatools.connectivity Highest
Product jar package name connectivity Low
Product Manifest Bundle-Name %Plugin.Name Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product central artifactid org.eclipse.datatools.connectivity Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product pom artifactid eclipse.datatools.connectivity Highest
Product jar package name datatools Low
Version gradle version 1.2.11.v201401230755 Highest
Version Manifest Bundle-Version 1.2.11.v201401230755 High
Version pom version 1.2.11.v201401230755 Highest
Version file version 1.2.11.v20140123 Highest
Version central version 1.2.11.v201401230755 Highest
Version file name org.eclipse.datatools.connectivity Medium
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
org.eclipse.equinox.preferences-3.5.100.v20130422-1538.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.preferences\3.5.100.v20130422-1538\bc48b6b0c00898d5eb2cbd6024fc0235ae04f3d2\org.eclipse.equinox.preferences-3.5.100.v20130422-1538.jar
MD5: fc94bbfa2dcfe6b40cefce0f5a305f3a
SHA1: bc48b6b0c00898d5eb2cbd6024fc0235ae04f3d2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-requiredexecutionenvironment CDC-1.1/Foundation-1.1,J2SE-1.4 Low
Vendor Manifest bundle-activationpolicy lazy; exclude:="org.eclipse.core.internal.preferences.exchange" Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor file name org.eclipse.equinox.preferences High
Vendor pom artifactid eclipse.equinox.preferences Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest comment-header Both Eclipse-LazyStart and Bundle-ActivationPolicy are specified for compatibility with 3.2 Low
Vendor jar package name core Low
Vendor jar package name internal Low
Vendor Manifest eclipse-lazystart true; exceptions="org.eclipse.core.internal.preferences.exchange" Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor Manifest require-bundle org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)",org.eclipse.equinox.registry;bundle-version="[3.2.0,4.0.0)";resolution:=optional Low
Vendor Manifest bundle-symbolicname org.eclipse.equinox.preferences; singleton:=true Medium
Vendor pom name org.eclipse.equinox.preferences_3.5.100.v20130422-1538.jar High
Vendor jar package name eclipse Low
Product gradle artifactid org.eclipse.equinox.preferences Highest
Product Manifest bundle-requiredexecutionenvironment CDC-1.1/Foundation-1.1,J2SE-1.4 Low
Product Manifest bundle-activationpolicy lazy; exclude:="org.eclipse.core.internal.preferences.exchange" Low
Product file name org.eclipse.equinox.preferences High
Product pom description A component of the BIRT runtime Medium
Product Manifest comment-header Both Eclipse-LazyStart and Bundle-ActivationPolicy are specified for compatibility with 3.2 Low
Product jar package name preferences Low
Product central artifactid org.eclipse.equinox.preferences Highest
Product jar package name core Low
Product jar package name internal Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest eclipse-lazystart true; exceptions="org.eclipse.core.internal.preferences.exchange" Low
Product pom artifactid eclipse.equinox.preferences Highest
Product Manifest require-bundle org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)",org.eclipse.equinox.registry;bundle-version="[3.2.0,4.0.0)";resolution:=optional Low
Product Manifest bundle-symbolicname org.eclipse.equinox.preferences; singleton:=true Medium
Product pom name org.eclipse.equinox.preferences_3.5.100.v20130422-1538.jar High
Product Manifest Bundle-Name %pluginName Medium
Version central version 3.5.100.v20130422-1538 Highest
Version Manifest comment-header 3.2 Low
Version file version 3.5.100.v20130422 Highest
Version pom version 3.5.100.v20130422-1538 Highest
Version gradle version 3.5.100.v20130422-1538 Highest
Version Manifest Bundle-Version 3.5.100.v20130422-1538 High
Version file name org.eclipse.equinox.preferences Medium
org.eclipse.emf.ecore-2.10.1.v20140901-1043.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf.ecore\2.10.1.v20140901-1043\2da5a93e1d6eb2b6f78f215accc3304209b26104\org.eclipse.emf.ecore-2.10.1.v20140901-1043.jar
MD5: 28268d1878d5c7fc0248e1d24ca372db
SHA1: 2da5a93e1d6eb2b6f78f215accc3304209b26104
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.eclipse.emf.ecore;singleton:=true Medium
Vendor jar package name ecore Low
Vendor pom name org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar High
Vendor file name org.eclipse.emf.ecore High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor jar package name emf Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor Manifest require-bundle org.eclipse.core.runtime;resolution:="optional";x-installation:="greedy";bundle-version="[3.5.0,4.0.0)",org.eclipse.emf.common;visibility:="reexport";bundle-version="[2.10.0,3.0.0)",org.eclipse.core.resources;resolution:="optional";bundle-version="[3.5.0,4.0.0)" Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.emf.ecore Low
Vendor jar package name eclipse Low
Product Manifest bundle-symbolicname org.eclipse.emf.ecore;singleton:=true Medium
Product jar package name ecore Low
Product pom name org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar High
Product file name org.eclipse.emf.ecore High
Product pom artifactid eclipse.emf.ecore Highest
Product jar package name emf Low
Product pom description A component of the BIRT runtime Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product Manifest require-bundle org.eclipse.core.runtime;resolution:="optional";x-installation:="greedy";bundle-version="[3.5.0,4.0.0)",org.eclipse.emf.common;visibility:="reexport";bundle-version="[2.10.0,3.0.0)",org.eclipse.core.resources;resolution:="optional";bundle-version="[3.5.0,4.0.0)" Low
Product gradle artifactid org.eclipse.emf.ecore Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product central artifactid org.eclipse.emf.ecore Highest
Product Manifest Bundle-Name %pluginName Medium
Version Manifest Bundle-Version 2.10.1.v20140901-1043 High
Version file version 2.10.1.v20140901 Highest
Version file name org.eclipse.emf.ecore Medium
Version gradle version 2.10.1.v20140901-1043 Highest
Version pom version 2.10.1.v20140901-1043 Highest
Version central version 2.10.1.v20140901-1043 Highest
org.eclipse.core.resources-3.9.1.v20140825-1431.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.resources\3.9.1.v20140825-1431\24a0e4b809d9cb102e7bf8123a2844657b916090\org.eclipse.core.resources-3.9.1.v20140825-1431.jar
MD5: 948716ccf019137b26949aab7d2e72f0
SHA1: 24a0e4b809d9cb102e7bf8123a2844657b916090
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest require-bundle org.eclipse.ant.core;bundle-version="[3.1.0,4.0.0)";resolution:=optional,org.eclipse.core.expressions;bundle-version="[3.2.0,4.0.0)",org.eclipse.core.filesystem;bundle-version="[1.3.0,2.0.0)",org.eclipse.core.runtime;bundle-version="[3.7.0,4.0.0)" Low
Vendor pom name org.eclipse.core.resources_3.9.1.v20140825-1431.jar High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.core.resources Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor jar package name core Low
Vendor jar package name internal Low
Vendor Manifest bundle-symbolicname org.eclipse.core.resources; singleton:=true Medium
Vendor file name org.eclipse.core.resources High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name eclipse Low
Product Manifest require-bundle org.eclipse.ant.core;bundle-version="[3.1.0,4.0.0)";resolution:=optional,org.eclipse.core.expressions;bundle-version="[3.2.0,4.0.0)",org.eclipse.core.filesystem;bundle-version="[1.3.0,2.0.0)",org.eclipse.core.runtime;bundle-version="[3.7.0,4.0.0)" Low
Product pom name org.eclipse.core.resources_3.9.1.v20140825-1431.jar High
Product jar package name resources Low
Product pom description A component of the BIRT runtime Medium
Product central artifactid org.eclipse.core.resources Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product jar package name core Low
Product jar package name internal Low
Product Manifest bundle-symbolicname org.eclipse.core.resources; singleton:=true Medium
Product pom artifactid eclipse.core.resources Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product file name org.eclipse.core.resources High
Product pom groupid eclipse.birt.runtime Low
Product gradle artifactid org.eclipse.core.resources Highest
Product Manifest Bundle-Name %pluginName Medium
Version central version 3.9.1.v20140825-1431 Highest
Version file version 3.9.1.v20140825 Highest
Version file name org.eclipse.core.resources Medium
Version gradle version 3.9.1.v20140825-1431 Highest
Version Manifest Bundle-Version 3.9.1.v20140825-1431 High
Version pom version 3.9.1.v20140825-1431 Highest
org.eclipse.datatools.connectivity.oda.flatfile-3.1.8.v201403010906.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda.flatfile\3.1.8.v201403010906\3c62f783f8ac17aca5250f2a640dfd85c1df9178\org.eclipse.datatools.connectivity.oda.flatfile-3.1.8.v201403010906.jar
MD5: 3e014761ed380e969a586131b8138f5f
SHA1: 3c62f783f8ac17aca5250f2a640dfd85c1df9178
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name org.eclipse.datatools.connectivity.oda.flatfile High
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity.oda.flatfile; singleton:=true Medium
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor jar package name connectivity Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor pom artifactid eclipse.datatools.connectivity.oda.flatfile Low
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity.oda;bundle-version="[3.3.3,4.0.0)",org.eclipse.datatools.connectivity.oda.profile;bundle-version="[3.2.7,4.0.0)";resolution:=optional Low
Vendor pom name org.eclipse.datatools.connectivity.oda.flatfile_3.1.8.v201403010906.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product file name org.eclipse.datatools.connectivity.oda.flatfile High
Product pom artifactid eclipse.datatools.connectivity.oda.flatfile Highest
Product gradle artifactid org.eclipse.datatools.connectivity.oda.flatfile Highest
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity.oda.flatfile; singleton:=true Medium
Product jar package name oda Low
Product central artifactid org.eclipse.datatools.connectivity.oda.flatfile Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name connectivity Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product Manifest Bundle-Name %plugin.name Medium
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity.oda;bundle-version="[3.3.3,4.0.0)",org.eclipse.datatools.connectivity.oda.profile;bundle-version="[3.2.7,4.0.0)";resolution:=optional Low
Product pom name org.eclipse.datatools.connectivity.oda.flatfile_3.1.8.v201403010906.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Version file version 3.1.8.v20140301 Highest
Version file name org.eclipse.datatools.connectivity.oda.flatfile Medium
Version pom version 3.1.8.v201403010906 Highest
Version gradle version 3.1.8.v201403010906 Highest
Version Manifest Bundle-Version 3.1.8.v201403010906 High
Version central version 3.1.8.v201403010906 Highest
org.eclipse.datatools.enablement.ibm.db2.luw-1.0.2.v201107221502.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.db2.luw\1.0.2.v201107221502\3e9920ed389a8eba9ba8ce46d0c0e8ac6da5b41d\org.eclipse.datatools.enablement.ibm.db2.luw-1.0.2.v201107221502.jar
MD5: e38c42056dcd4e9928c7f477d936a919
SHA1: 3e9920ed389a8eba9ba8ce46d0c0e8ac6da5b41d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor file name org.eclipse.datatools.enablement.ibm.db2.luw High
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.ibm.db2.luw;singleton:=true Medium
Vendor jar package name enablement Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor Manifest require-bundle org.eclipse.datatools.connectivity;bundle-version="[1.0.1,2.0.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[1.0.1,2.0.0)" Low
Vendor pom artifactid eclipse.datatools.enablement.ibm.db2.luw Low
Vendor pom name org.eclipse.datatools.enablement.ibm.db2.luw_1.0.2.v201107221502.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product gradle artifactid org.eclipse.datatools.enablement.ibm.db2.luw Highest
Product jar package name ibm Low
Product pom artifactid eclipse.datatools.enablement.ibm.db2.luw Highest
Product pom description A component of the BIRT runtime Medium
Product file name org.eclipse.datatools.enablement.ibm.db2.luw High
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.ibm.db2.luw;singleton:=true Medium
Product jar package name enablement Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product central artifactid org.eclipse.datatools.enablement.ibm.db2.luw Highest
Product Manifest require-bundle org.eclipse.datatools.connectivity;bundle-version="[1.0.1,2.0.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[1.0.1,2.0.0)" Low
Product pom name org.eclipse.datatools.enablement.ibm.db2.luw_1.0.2.v201107221502.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Product Manifest Bundle-Name %pluginName Medium
Version gradle version 1.0.2.v201107221502 Highest
Version pom version 1.0.2.v201107221502 Highest
Version central version 1.0.2.v201107221502 Highest
Version file name org.eclipse.datatools.enablement.ibm.db2.luw Medium
Version Manifest Bundle-Version 1.0.2.v201107221502 High
Version file version 1.0.2.v20110722 Highest
Published Vulnerabilities
CVE-2007-2582
Severity: High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow."
CVE-2007-3676
Severity: High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-399 Resource Management Errors
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
CVE-2007-5090
Severity: High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
CVE-2007-5652
Severity: High
CVSS Score: 7.8
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2008-0699
Severity: High
CVSS Score: 9.0
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
CVE-2008-1998
Severity: High
CVSS Score: 8.5
(AV:N/AC:M/Au:S/C:C/I:C/A:C)
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
CVE-2008-3958
Severity: High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959.
CVE-2008-3959
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.
CVE-2008-4691
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.
CVE-2008-4692
Severity: High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.
CVE-2008-4693
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."
CVE-2009-1239
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.
CVE-2009-1905
Severity: Low
CVSS Score: 2.6
(AV:N/AC:H/Au:N/C:P/I:N/A:N)
CWE: CWE-287 Improper Authentication
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
CVE-2009-2858
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
CVE-2009-2859
Severity: Medium
CVSS Score: 4.6
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
CVE-2009-2860
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
CVE-2010-1560
Severity: Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.
CVE-2011-0731
Severity: High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-0757
Severity: Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.
CVE-2011-1373
Severity: Low
CVSS Score: 1.5
(AV:L/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
CVE-2011-1846
Severity: Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.
CVE-2011-1847
Severity: Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:N/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.
CVE-2012-3324
Severity: High
CVSS Score: 9.0
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
org.eclipse.update.configurator-3.3.200.v20130326-1319.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.update.configurator\3.3.200.v20130326-1319\4375455f2f0bd4f014e79758bbb3d4b7340e2943\org.eclipse.update.configurator-3.3.200.v20130326-1319.jar
MD5: 6af0b597ad8ab9b35422f6170e31b594
SHA1: 4375455f2f0bd4f014e79758bbb3d4b7340e2943
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest service-component OSGI-INF/bundleGroup.xml Low
Vendor Manifest bundle-symbolicname org.eclipse.update.configurator; singleton:=true Medium
Vendor jar package name update Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest require-bundle org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)",org.eclipse.osgi;bundle-version="[3.2.0,4.0.0)" Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.update.configurator Low
Vendor file name org.eclipse.update.configurator High
Vendor jar package name internal Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4,CDC-1.0/Foundation-1.0,J2SE-1.3 Low
Vendor pom name org.eclipse.update.configurator_3.3.200.v20130326-1319.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name eclipse Low
Product Manifest service-component OSGI-INF/bundleGroup.xml Low
Product jar package name configurator Low
Product pom artifactid eclipse.update.configurator Highest
Product Manifest bundle-symbolicname org.eclipse.update.configurator; singleton:=true Medium
Product jar package name update Low
Product gradle artifactid org.eclipse.update.configurator Highest
Product Manifest require-bundle org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)",org.eclipse.osgi;bundle-version="[3.2.0,4.0.0)" Low
Product pom description A component of the BIRT runtime Medium
Product central artifactid org.eclipse.update.configurator Highest
Product file name org.eclipse.update.configurator High
Product jar package name internal Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4,CDC-1.0/Foundation-1.0,J2SE-1.3 Low
Product pom name org.eclipse.update.configurator_3.3.200.v20130326-1319.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest Bundle-Name %pluginName Medium
Version gradle version 3.3.200.v20130326-1319 Highest
Version file name org.eclipse.update.configurator Medium
Version pom version 3.3.200.v20130326-1319 Highest
Version Manifest Bundle-Version 3.3.200.v20130326-1319 High
Version central version 3.3.200.v20130326-1319 Highest
Version file version 3.3.200.v20130326 Highest
org.eclipse.datatools.connectivity.oda-3.4.3.v201405301249.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.oda\3.4.3.v201405301249\91fa06c7a97275ea799fec9d557fc60def2e443d\org.eclipse.datatools.connectivity.oda-3.4.3.v201405301249.jar
MD5: 27cd0708de3587669ce5757e86d90a42
SHA1: 91fa06c7a97275ea799fec9d557fc60def2e443d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor file name org.eclipse.datatools.connectivity.oda High
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.3.0,4.0.0)";visibility:=reexport,com.ibm.icu;bundle-version="3.4.4";visibility:=reexport Low
Vendor pom artifactid eclipse.datatools.connectivity.oda Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor jar package name connectivity Low
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity.oda; singleton:=true Medium
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom name org.eclipse.datatools.connectivity.oda_3.4.3.v201405301249.jar High
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product central artifactid org.eclipse.datatools.connectivity.oda Highest
Product pom artifactid eclipse.datatools.connectivity.oda Highest
Product jar package name oda Low
Product file name org.eclipse.datatools.connectivity.oda High
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.3.0,4.0.0)";visibility:=reexport,com.ibm.icu;bundle-version="3.4.4";visibility:=reexport Low
Product pom description A component of the BIRT runtime Medium
Product jar package name connectivity Low
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product gradle artifactid org.eclipse.datatools.connectivity.oda Highest
Product Manifest Bundle-Name DTP Open Data Access Medium
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity.oda; singleton:=true Medium
Product pom name org.eclipse.datatools.connectivity.oda_3.4.3.v201405301249.jar High
Product jar package name datatools Low
Version gradle version 3.4.3.v201405301249 Highest
Version Manifest Bundle-Version 3.4.3.v201405301249 High
Version file name org.eclipse.datatools.connectivity.oda Medium
Version pom version 3.4.3.v201405301249 Highest
Version central version 3.4.3.v201405301249 Highest
Version file version 3.4.3.v20140530 Highest
org.eclipse.emf-2.6.0.v20140901-1055.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.emf\2.6.0.v20140901-1055\11d8c54ef675a951256777a9f36ebf7e1646ffd6\org.eclipse.emf-2.6.0.v20140901-1055.jar
MD5: 9a377c1c93e9f69918196678d59a8ca8
SHA1: 11d8c54ef675a951256777a9f36ebf7e1646ffd6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid eclipse.emf Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom name org.eclipse.emf_2.6.0.v20140901-1055.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor file name org.eclipse.emf High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor Manifest bundle-symbolicname org.eclipse.emf;singleton:=true Medium
Vendor pom groupid eclipse.birt.runtime Highest
Product pom artifactid eclipse.emf Highest
Product central artifactid org.eclipse.emf Highest
Product pom name org.eclipse.emf_2.6.0.v20140901-1055.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product gradle artifactid org.eclipse.emf Highest
Product file name org.eclipse.emf High
Product pom description A component of the BIRT runtime Medium
Product Manifest bundle-symbolicname org.eclipse.emf;singleton:=true Medium
Product Manifest Bundle-Name %pluginName Medium
Version file name org.eclipse.emf Medium
Version file version 2.6.0.v20140901 Highest
Version central version 2.6.0.v20140901-1055 Highest
Version pom version 2.6.0.v20140901-1055 Highest
Version gradle version 2.6.0.v20140901-1055 Highest
Version Manifest Bundle-Version 2.6.0.v20140901-1055 High
org.w3c.dom.smil-1.0.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.w3c.dom.smil\1.0.0\674bdda9162b48419741da833e445e190f33a58a\org.w3c.dom.smil-1.0.0.jar
MD5: c2494764f38da65d09ce0a0444d00dcd
SHA1: 674bdda9162b48419741da833e445e190f33a58a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4,J2SE-1.3,CDC-1.0/Foundation-1.0 Low
Vendor Manifest bundle-symbolicname org.w3c.dom.smil Medium
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom artifactid w3c.dom.smil Low
Vendor jar package name dom Low
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name w3c Low
Vendor pom name org.w3c.dom.smil_1.0.0.v200806040011.jar High
Vendor file name org.w3c.dom.smil High
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name smil Low
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4,J2SE-1.3,CDC-1.0/Foundation-1.0 Low
Product central artifactid org.w3c.dom.smil Highest
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product Manifest bundle-symbolicname org.w3c.dom.smil Medium
Product pom description A component of the BIRT runtime Medium
Product jar package name dom Low
Product gradle artifactid org.w3c.dom.smil Highest
Product jar package name elementtimecontrol Low
Product pom name org.w3c.dom.smil_1.0.0.v200806040011.jar High
Product file name org.w3c.dom.smil High
Product jar package name smil Low
Product pom artifactid w3c.dom.smil Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product Manifest Bundle-Name %pluginName Medium
Version central version 1.0.0 Highest
Version file version 1.0.0 Highest
Version pom version 1.0.0 Highest
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.datatools.enablement.hsqldb.dbdefinition-1.0.0.v201107221502.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.hsqldb.dbdefinition\1.0.0.v201107221502\aa3214296e97b4dfd14345acea23f2c92e992c36\org.eclipse.datatools.enablement.hsqldb.dbdefinition-1.0.0.v201107221502.jar
MD5: 05e41d890be61af0474adb514358d03c
SHA1: aa3214296e97b4dfd14345acea23f2c92e992c36
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid eclipse.datatools.enablement.hsqldb.dbdefinition Low
Vendor pom name org.eclipse.datatools.enablement.hsqldb.dbdefinition_1.0.0.v201107221502.jar High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.hsqldb.dbdefinition; singleton:=true Medium
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor file name org.eclipse.datatools.enablement.hsqldb.dbdefinition High
Vendor pom groupid eclipse.birt.runtime Highest
Product pom artifactid eclipse.datatools.enablement.hsqldb.dbdefinition Highest
Product Manifest Bundle-Name %Bundle-Name Medium
Product pom name org.eclipse.datatools.enablement.hsqldb.dbdefinition_1.0.0.v201107221502.jar High
Product central artifactid org.eclipse.datatools.enablement.hsqldb.dbdefinition Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.hsqldb.dbdefinition; singleton:=true Medium
Product pom groupid eclipse.birt.runtime Low
Product gradle artifactid org.eclipse.datatools.enablement.hsqldb.dbdefinition Highest
Product pom description A component of the BIRT runtime Medium
Product file name org.eclipse.datatools.enablement.hsqldb.dbdefinition High
Version file name org.eclipse.datatools.enablement.hsqldb.dbdefinition Medium
Version pom version 1.0.0.v201107221502 Highest
Version central version 1.0.0.v201107221502 Highest
Version gradle version 1.0.0.v201107221502 Highest
Version file version 1.0.0.v20110722 Highest
Version Manifest Bundle-Version 1.0.0.v201107221502 High
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.datatools.modelbase.derby-1.0.0.v201107221519.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.derby\1.0.0.v201107221519\93018a0f0e585dd4ceb70e849570d6143034273a\org.eclipse.datatools.modelbase.derby-1.0.0.v201107221519.jar
MD5: 690932e0843d8a64619cc8a9b8e39408
SHA1: 93018a0f0e585dd4ceb70e849570d6143034273a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name modelbase Low
Vendor file name org.eclipse.datatools.modelbase.derby High
Vendor Manifest require-bundle org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)" Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.datatools.modelbase.derby Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.modelbase.derby; singleton:=true Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom name org.eclipse.datatools.modelbase.derby_1.0.0.v201107221519.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product jar package name modelbase Low
Product file name org.eclipse.datatools.modelbase.derby High
Product Manifest require-bundle org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)" Low
Product pom artifactid eclipse.datatools.modelbase.derby Highest
Product gradle artifactid org.eclipse.datatools.modelbase.derby Highest
Product central artifactid org.eclipse.datatools.modelbase.derby Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name derby Low
Product Manifest bundle-symbolicname org.eclipse.datatools.modelbase.derby; singleton:=true Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom name org.eclipse.datatools.modelbase.derby_1.0.0.v201107221519.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Product Manifest Bundle-Name %pluginName Medium
Version file name org.eclipse.datatools.modelbase.derby Medium
Version central version 1.0.0.v201107221519 Highest
Version pom version 1.0.0.v201107221519 Highest
Version file version 1.0.0.v20110722 Highest
Version gradle version 1.0.0.v201107221519 Highest
Version Manifest Bundle-Version 1.0.0.v201107221519 High
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.apache.batik.parser-1.6.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.parser\1.6.0\5e6dd459704dd6bd168f1b030cb739872e994339\org.apache.batik.parser-1.6.0.jar
MD5: e9438886ce3c270c3ab3d8a3153607c6
SHA1: 5e6dd459704dd6bd168f1b030cb739872e994339
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest require-bundle org.apache.batik.ext.awt;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.apache.batik.xml;bundle-version="[1.6.0,1.7.0)",org.w3c.dom.svg;bundle-version="[1.1.0,1.3.0)" Low
Vendor jar package name apache Low
Vendor file name org.apache.batik.parser High
Vendor pom artifactid apache.batik.parser Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor pom name org.apache.batik.parser_1.6.0.v201011041432.jar High
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name batik Low
Vendor Manifest bundle-symbolicname org.apache.batik.parser Medium
Vendor jar package name parser Low
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product Manifest require-bundle org.apache.batik.ext.awt;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.apache.batik.xml;bundle-version="[1.6.0,1.7.0)",org.w3c.dom.svg;bundle-version="[1.1.0,1.3.0)" Low
Product file name org.apache.batik.parser High
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product central artifactid org.apache.batik.parser Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product pom description A component of the BIRT runtime Medium
Product gradle artifactid org.apache.batik.parser Highest
Product pom name org.apache.batik.parser_1.6.0.v201011041432.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product jar package name batik Low
Product pom artifactid apache.batik.parser Highest
Product Manifest bundle-symbolicname org.apache.batik.parser Medium
Product jar package name parser Low
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.6.0 Highest
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2015-0250
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Vulnerable Software & Versions:
CVE-2017-5662
Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
Vulnerable Software & Versions:
org.eclipse.equinox.common-3.6.200.v20130402-1505.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.equinox.common\3.6.200.v20130402-1505\550778d95ea4d5f2fee765e85eb799cec21067e0\org.eclipse.equinox.common-3.6.200.v20130402-1505.jar
MD5: 551dd5efb955af78e2794fb67a30be0c
SHA1: 550778d95ea4d5f2fee765e85eb799cec21067e0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-requiredexecutionenvironment CDC-1.1/Foundation-1.1,J2SE-1.4 Low
Vendor pom artifactid eclipse.equinox.common Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.equinox.common; singleton:=true Medium
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest comment-header Both Eclipse-LazyStart and Bundle-ActivationPolicy are specified for compatibility with 3.2 Low
Vendor jar package name runtime Low
Vendor file name org.eclipse.equinox.common High
Vendor jar package name core Low
Vendor pom name org.eclipse.equinox.common_3.6.200.v20130402-1505.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name eclipse Low
Product Manifest bundle-requiredexecutionenvironment CDC-1.1/Foundation-1.1,J2SE-1.4 Low
Product gradle artifactid org.eclipse.equinox.common Highest
Product Manifest bundle-symbolicname org.eclipse.equinox.common; singleton:=true Medium
Product central artifactid org.eclipse.equinox.common Highest
Product pom artifactid eclipse.equinox.common Highest
Product pom description A component of the BIRT runtime Medium
Product Manifest comment-header Both Eclipse-LazyStart and Bundle-ActivationPolicy are specified for compatibility with 3.2 Low
Product jar package name runtime Low
Product file name org.eclipse.equinox.common High
Product jar package name core Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product pom name org.eclipse.equinox.common_3.6.200.v20130402-1505.jar High
Product Manifest Bundle-Name %pluginName Medium
Version file name org.eclipse.equinox.common Medium
Version Manifest Bundle-Version 3.6.200.v20130402-1505 High
Version central version 3.6.200.v20130402-1505 Highest
Version Manifest comment-header 3.2 Low
Version gradle version 3.6.200.v20130402-1505 Highest
Version pom version 3.6.200.v20130402-1505 Highest
Version file version 3.6.200.v20130402 Highest
org.apache.batik.util.gui-1.6.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.util.gui\1.6.0\6afa9107935bdeede0487c770bb0537b1a341c81\org.apache.batik.util.gui-1.6.0.jar
MD5: 37cc80a8417e17b2f43b85f871b67714
SHA1: 6afa9107935bdeede0487c770bb0537b1a341c81
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor file name org.apache.batik.util.gui High
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest bundle-symbolicname org.apache.batik.util.gui Medium
Vendor pom name org.apache.batik.util.gui_1.6.0.v201011041432.jar High
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name util Low
Vendor jar package name batik Low
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor pom artifactid apache.batik.util.gui Low
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product pom artifactid apache.batik.util.gui Highest
Product jar package name gui Low
Product gradle artifactid org.apache.batik.util.gui Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product pom description A component of the BIRT runtime Medium
Product file name org.apache.batik.util.gui High
Product Manifest bundle-symbolicname org.apache.batik.util.gui Medium
Product pom name org.apache.batik.util.gui_1.6.0.v201011041432.jar High
Product jar package name util Low
Product central artifactid org.apache.batik.util.gui Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product jar package name batik Low
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.6.0 Highest
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2015-0250
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Vulnerable Software & Versions:
CVE-2017-5662
Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
Vulnerable Software & Versions:
javax.xml.stream-1.0.1.v201004272200.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\javax.xml.stream\1.0.1.v201004272200\3a4f0067058e2aa9af1c6e463bc8a147a99681c0\javax.xml.stream-1.0.1.v201004272200.jar
MD5: dfb3dc47c90f4273c2036aab23ee4fe3
SHA1: 3a4f0067058e2aa9af1c6e463bc8a147a99681c0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor jar package name stream Low
Vendor pom name javax.xml.stream_1.0.1.v201004272200.jar High
Vendor Manifest bundle-symbolicname javax.xml.stream Medium
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name xml Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Vendor pom artifactid javax.xml.stream Low
Vendor file name javax.xml.stream High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Product central artifactid javax.xml.stream Highest
Product jar package name stream Low
Product pom name javax.xml.stream_1.0.1.v201004272200.jar High
Product Manifest bundle-symbolicname javax.xml.stream Medium
Product pom artifactid javax.xml.stream Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name xml Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Product Manifest Bundle-Name %Bundle-Name Medium
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product file name javax.xml.stream High
Product pom groupid eclipse.birt.runtime Low
Product gradle artifactid javax.xml.stream Highest
Version central version 1.0.1.v201004272200 Highest
Version pom version 1.0.1.v201004272200 Highest
Version gradle version 1.0.1.v201004272200 Highest
Version file name javax.xml.stream Medium
Version Manifest Bundle-Version 1.0.1.v201004272200 High
Version file version 1.0.1.v20100427 Highest
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.datatools.enablement.ibm.informix-1.0.1.v201107221502.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.informix\1.0.1.v201107221502\8c1d7354580604905a00c7d9acce3fbc5696b537\org.eclipse.datatools.enablement.ibm.informix-1.0.1.v201107221502.jar
MD5: 9ffbdc7f0a83fbbb1d64cb3b9578e3fa
SHA1: 8c1d7354580604905a00c7d9acce3fbc5696b537
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name org.eclipse.datatools.enablement.ibm.informix_1.0.1.v201107221502.jar High
Vendor file name org.eclipse.datatools.enablement.ibm.informix High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.ibm.informix;singleton:=true Medium
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name enablement Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest require-bundle org.eclipse.datatools.connectivity;bundle-version="[1.0.1,2.0.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[1.0.0,2.0.0)" Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.datatools.enablement.ibm.informix Low
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product pom name org.eclipse.datatools.enablement.ibm.informix_1.0.1.v201107221502.jar High
Product gradle artifactid org.eclipse.datatools.enablement.ibm.informix Highest
Product jar package name ibm Low
Product file name org.eclipse.datatools.enablement.ibm.informix High
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.ibm.informix;singleton:=true Medium
Product pom artifactid eclipse.datatools.enablement.ibm.informix Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name enablement Low
Product Manifest require-bundle org.eclipse.datatools.connectivity;bundle-version="[1.0.1,2.0.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[1.0.0,2.0.0)" Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Product Manifest Bundle-Name %pluginName Medium
Product central artifactid org.eclipse.datatools.enablement.ibm.informix Highest
Version Manifest Bundle-Version 1.0.1.v201107221502 High
Version central version 1.0.1.v201107221502 Highest
Version file name org.eclipse.datatools.enablement.ibm.informix Medium
Version pom version 1.0.1.v201107221502 Highest
Version gradle version 1.0.1.v201107221502 Highest
Version file version 1.0.1.v20110722 Highest
org.apache.batik.svggen-1.6.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.svggen\1.6.0\5cb65af57bdfd093c47b3cf7bc8bb57e10f5451\org.apache.batik.svggen-1.6.0.jar
MD5: 2239ba844d960edd4874475630daf205
SHA1: 05cb65af57bdfd093c47b3cf7bc8bb57e10f5451
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor Manifest require-bundle org.apache.batik.ext.awt;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)" Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor pom artifactid apache.batik.svggen Low
Vendor file name org.apache.batik.svggen High
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name batik Low
Vendor jar package name svggen Low
Vendor Manifest bundle-symbolicname org.apache.batik.svggen Medium
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor pom name org.apache.batik.svggen_1.6.0.v201011041432.jar High
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product pom artifactid apache.batik.svggen Highest
Product gradle artifactid org.apache.batik.svggen Highest
Product Manifest require-bundle org.apache.batik.ext.awt;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)" Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product pom description A component of the BIRT runtime Medium
Product central artifactid org.apache.batik.svggen Highest
Product file name org.apache.batik.svggen High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product jar package name batik Low
Product jar package name svggen Low
Product Manifest bundle-symbolicname org.apache.batik.svggen Medium
Product pom name org.apache.batik.svggen_1.6.0.v201011041432.jar High
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.6.0 Highest
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2015-0250
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Vulnerable Software & Versions:
CVE-2017-5662
Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
Vulnerable Software & Versions:
org.apache.batik.dom-1.6.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.dom\1.6.0\e9fe8d31ea04c6cd566e35f61524e561821bbe57\org.apache.batik.dom-1.6.0.jar
MD5: d894d215bb57972a2c912016a7c8af26
SHA1: e9fe8d31ea04c6cd566e35f61524e561821bbe57
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom name org.apache.batik.dom_1.6.0.v201011041432.jar High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name dom Low
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest bundle-symbolicname org.apache.batik.dom Medium
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest require-bundle org.apache.batik.css;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.apache.batik.xml;bundle-version="[1.6.0,1.7.0)",org.w3c.css.sac;bundle-version="[1.3.0,1.4.0)" Low
Vendor jar package name batik Low
Vendor file name org.apache.batik.dom High
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4,J2SE-1.3 Low
Vendor pom artifactid apache.batik.dom Low
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product pom name org.apache.batik.dom_1.6.0.v201011041432.jar High
Product pom artifactid apache.batik.dom Highest
Product central artifactid org.apache.batik.dom Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name dom Low
Product Manifest bundle-symbolicname org.apache.batik.dom Medium
Product gradle artifactid org.apache.batik.dom Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product Manifest require-bundle org.apache.batik.css;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.apache.batik.xml;bundle-version="[1.6.0,1.7.0)",org.w3c.css.sac;bundle-version="[1.3.0,1.4.0)" Low
Product jar package name batik Low
Product file name org.apache.batik.dom High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4,J2SE-1.3 Low
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.6.0 Highest
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2015-0250
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Vulnerable Software & Versions:
CVE-2017-5662
Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
Vulnerable Software & Versions:
org.apache.batik.css-1.6.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.css\1.6.0\1e54558f0ad4b78f907f3461c14c7a7a91aecab2\org.apache.batik.css-1.6.0.jar
MD5: a6b1201c835cb3e98733bd3214cb460e
SHA1: 1e54558f0ad4b78f907f3461c14c7a7a91aecab2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor Manifest require-bundle org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.w3c.css.sac;bundle-version="[1.3.0,1.4.0)",org.w3c.dom.svg;bundle-version="[1.1.0,1.3.0)" Low
Vendor pom name org.apache.batik.css_1.6.0.v201011041432.jar High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest bundle-symbolicname org.apache.batik.css Medium
Vendor jar package name batik Low
Vendor file name org.apache.batik.css High
Vendor pom artifactid apache.batik.css Low
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name css Low
Product central artifactid org.apache.batik.css Highest
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product Manifest require-bundle org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.w3c.css.sac;bundle-version="[1.3.0,1.4.0)",org.w3c.dom.svg;bundle-version="[1.1.0,1.3.0)" Low
Product pom artifactid apache.batik.css Highest
Product pom name org.apache.batik.css_1.6.0.v201011041432.jar High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product pom description A component of the BIRT runtime Medium
Product jar package name engine Low
Product gradle artifactid org.apache.batik.css Highest
Product Manifest bundle-symbolicname org.apache.batik.css Medium
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product jar package name batik Low
Product file name org.apache.batik.css High
Product Manifest Bundle-Name %pluginName Medium
Product jar package name css Low
Version file version 1.6.0 Highest
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2015-0250
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Vulnerable Software & Versions:
CVE-2017-5662
Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
Vulnerable Software & Versions:
org.eclipse.datatools.enablement.mysql-1.0.4.v201212120617.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.mysql\1.0.4.v201212120617\b8862d790cf4715ce8b1a5c54d9fa9ee2557154f\org.eclipse.datatools.enablement.mysql-1.0.4.v201212120617.jar
MD5: 44f378e79fa8e6401887f374b6a8ebad
SHA1: b8862d790cf4715ce8b1a5c54d9fa9ee2557154f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor Manifest require-bundle org.eclipse.emf.ecore;bundle-version="[2.2.0,3.0.0)",org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.modelbase.dbdefinition;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.connectivity;bundle-version="[1.0.1,2.0.0)" Low
Vendor jar package name enablement Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.mysql; singleton:=true Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom name org.eclipse.datatools.enablement.mysql_1.0.4.v201212120617.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor file name org.eclipse.datatools.enablement.mysql High
Vendor jar package name eclipse Low
Vendor pom artifactid eclipse.datatools.enablement.mysql Low
Product gradle artifactid org.eclipse.datatools.enablement.mysql Highest
Product jar package name mysql Low
Product pom description A component of the BIRT runtime Medium
Product Manifest require-bundle org.eclipse.emf.ecore;bundle-version="[2.2.0,3.0.0)",org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.modelbase.dbdefinition;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.connectivity;bundle-version="[1.0.1,2.0.0)" Low
Product jar package name enablement Low
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.mysql; singleton:=true Medium
Product central artifactid org.eclipse.datatools.enablement.mysql Highest
Product pom artifactid eclipse.datatools.enablement.mysql Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom name org.eclipse.datatools.enablement.mysql_1.0.4.v201212120617.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Product file name org.eclipse.datatools.enablement.mysql High
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.0.4.v20121212 Highest
Version central version 1.0.4.v201212120617 Highest
Version file name org.eclipse.datatools.enablement.mysql Medium
Version gradle version 1.0.4.v201212120617 Highest
Version Manifest Bundle-Version 1.0.4.v201212120617 High
Version pom version 1.0.4.v201212120617 Highest
Published Vulnerabilities
CVE-2001-0407
Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
Vulnerable Software & Versions:
CVE-2001-1274
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
Vulnerable Software & Versions:
CVE-2001-1275
Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
Vulnerable Software & Versions:
CVE-2001-1454
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.
Vulnerable Software & Versions:
CVE-2003-1331
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)
Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
Vulnerable Software & Versions:
CVE-2004-0457
Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Vulnerable Software & Versions:
CVE-2004-0835
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
Vulnerable Software & Versions:
CVE-2004-0836
Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).
Vulnerable Software & Versions:
CVE-2004-0837
Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.
Vulnerable Software & Versions:
CVE-2006-7232
Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
Vulnerable Software & Versions:
CVE-2007-1420
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
Vulnerable Software & Versions:
CVE-2007-2583
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
Vulnerable Software & Versions:
CVE-2007-2691
Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:N/I:P/A:P)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
Vulnerable Software & Versions:
CVE-2007-5925
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Vulnerable Software & Versions:
CVE-2008-2079
Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
Vulnerable Software & Versions:
CVE-2009-0819
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
Vulnerable Software & Versions:
CVE-2009-4028
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
Vulnerable Software & Versions:
CVE-2010-1621
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
Vulnerable Software & Versions:
CVE-2010-1626
Severity: Low
CVSS Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
Vulnerable Software & Versions:
CVE-2010-2008
Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
Vulnerable Software & Versions:
CVE-2010-3677
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
Vulnerable Software & Versions:
CVE-2010-3682
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
Vulnerable Software & Versions:
CVE-2012-5627
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Vulnerable Software & Versions:
CVE-2013-0375
Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Vulnerable Software & Versions:
CVE-2014-9906
Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-416 Use After Free
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
Vulnerable Software & Versions:
CVE-2015-2575
Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
Vulnerable Software & Versions:
CVE-2016-1246
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
Vulnerable Software & Versions:
CVE-2017-10788
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-416 Use After Free
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.
Vulnerable Software & Versions:
CVE-2017-10789
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
Vulnerable Software & Versions:
org.eclipse.datatools.connectivity.db.generic-1.0.1.v201107221459.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.db.generic\1.0.1.v201107221459\4dd3c5554bea2302448e4201167e36e2bf11d383\org.eclipse.datatools.connectivity.db.generic-1.0.1.v201107221459.jar
MD5: 43b6a19ecae85c97702103d4e3aad0e2
SHA1: 4dd3c5554bea2302448e4201167e36e2bf11d383
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor jar package name connectivity Low
Vendor file name org.eclipse.datatools.connectivity.db.generic High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity.db.generic; singleton:=true Medium
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity;bundle-version="[0.9.1,1.5.0)" Low
Vendor pom name org.eclipse.datatools.connectivity.db.generic_1.0.1.v201107221459.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.datatools.connectivity.db.generic Low
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product pom artifactid eclipse.datatools.connectivity.db.generic Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name db Low
Product jar package name connectivity Low
Product file name org.eclipse.datatools.connectivity.db.generic High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity.db.generic; singleton:=true Medium
Product Manifest Bundle-Name %Bundle-Name Medium
Product gradle artifactid org.eclipse.datatools.connectivity.db.generic Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity;bundle-version="[0.9.1,1.5.0)" Low
Product pom groupid eclipse.birt.runtime Low
Product pom name org.eclipse.datatools.connectivity.db.generic_1.0.1.v201107221459.jar High
Product jar package name datatools Low
Product central artifactid org.eclipse.datatools.connectivity.db.generic Highest
Version file name org.eclipse.datatools.connectivity.db.generic Medium
Version central version 1.0.1.v201107221459 Highest
Version pom version 1.0.1.v201107221459 Highest
Version gradle version 1.0.1.v201107221459 Highest
Version file version 1.0.1.v20110722 Highest
Version Manifest Bundle-Version 1.0.1.v201107221459 High
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.datatools.enablement.hsqldb-1.0.0.v201107221502.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.hsqldb\1.0.0.v201107221502\5f987f4588c989290c038bd70460c36caa972c0b\org.eclipse.datatools.enablement.hsqldb-1.0.0.v201107221502.jar
MD5: 7acc8fad3f0bc091eaa32030fb8cdbf5
SHA1: 5f987f4588c989290c038bd70460c36caa972c0b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.hsqldb;singleton:=true Medium
Vendor jar package name enablement Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom artifactid eclipse.datatools.enablement.hsqldb Low
Vendor pom name org.eclipse.datatools.enablement.hsqldb_1.0.0.v201107221502.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor file name org.eclipse.datatools.enablement.hsqldb High
Vendor Manifest require-bundle org.eclipse.datatools.connectivity;bundle-version="[1.0.0,1.5.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[1.0.0,1.5.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[1.0.0,1.5.0)",org.eclipse.datatools.modelbase.dbdefinition;bundle-version="[1.0.0,1.5.0)",org.eclipse.datatools.connectivity.db.generic;bundle-version="[1.0.0,1.5.0)",org.eclipse.emf.ecore.xmi Low
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product gradle artifactid org.eclipse.datatools.enablement.hsqldb Highest
Product pom artifactid eclipse.datatools.enablement.hsqldb Highest
Product pom description A component of the BIRT runtime Medium
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.hsqldb;singleton:=true Medium
Product jar package name enablement Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product Manifest Bundle-Name %Bundle-Name Medium
Product jar package name hsqldb Low
Product central artifactid org.eclipse.datatools.enablement.hsqldb Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product pom name org.eclipse.datatools.enablement.hsqldb_1.0.0.v201107221502.jar High
Product file name org.eclipse.datatools.enablement.hsqldb High
Product Manifest require-bundle org.eclipse.datatools.connectivity;bundle-version="[1.0.0,1.5.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[1.0.0,1.5.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[1.0.0,1.5.0)",org.eclipse.datatools.modelbase.dbdefinition;bundle-version="[1.0.0,1.5.0)",org.eclipse.datatools.connectivity.db.generic;bundle-version="[1.0.0,1.5.0)",org.eclipse.emf.ecore.xmi Low
Product jar package name datatools Low
Version pom version 1.0.0.v201107221502 Highest
Version file name org.eclipse.datatools.enablement.hsqldb Medium
Version central version 1.0.0.v201107221502 Highest
Version gradle version 1.0.0.v201107221502 Highest
Version file version 1.0.0.v20110722 Highest
Version Manifest Bundle-Version 1.0.0.v201107221502 High
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition-1.0.1.v201201240505.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition\1.0.1.v201201240505\d18a0cca80deb6331f1caffea5abc8fa34e2060e\org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition-1.0.1.v201201240505.jar
MD5: 4b552c372d4c69ed407bdc1bf5abbc9a
SHA1: d18a0cca80deb6331f1caffea5abc8fa34e2060e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition High
Vendor pom artifactid eclipse.datatools.enablement.msft.sqlserver.dbdefinition Low
Vendor pom name org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition_1.0.1.v201201240505.jar High
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition; singleton:=true Medium
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Product file name org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition High
Product pom artifactid eclipse.datatools.enablement.msft.sqlserver.dbdefinition Highest
Product pom name org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition_1.0.1.v201201240505.jar High
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition; singleton:=true Medium
Product central artifactid org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product gradle artifactid org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition Highest
Product pom description A component of the BIRT runtime Medium
Product Manifest Bundle-Name %pluginName Medium
Version Manifest Bundle-Version 1.0.1.v201201240505 High
Version central version 1.0.1.v201201240505 Highest
Version pom version 1.0.1.v201201240505 Highest
Version gradle version 1.0.1.v201201240505 Highest
Version file version 1.0.1.v20120124 Highest
Version file name org.eclipse.datatools.enablement.msft.sqlserver.dbdefinition Medium
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:

org.apache.xml.resolver-1.2.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.xml.resolver\1.2.0\7c9c22053b04772e81dc62d665b202eeae82ae47\org.apache.xml.resolver-1.2.0.jar
MD5: f29e4c1d4936c28395beee34a755f3a6
SHA1: 7c9c22053b04772e81dc62d665b202eeae82ae47
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.apache.xml.resolver Medium
Vendor jar package name apache Low
Vendor jar package name resolver Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.2 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name xml Low
Vendor file name org.apache.xml.resolver High
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor pom artifactid apache.xml.resolver Low
Vendor pom name org.apache.xml.resolver_1.2.0.v201005080400.jar High
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product Manifest bundle-symbolicname org.apache.xml.resolver Medium
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product jar package name resolver Low
Product pom artifactid apache.xml.resolver Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.2 Low
Product gradle artifactid org.apache.xml.resolver Highest
Product central artifactid org.apache.xml.resolver Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name xml Low
Product file name org.apache.xml.resolver High
Product Manifest Bundle-Name %Bundle-Name.0 Medium
Product pom name org.apache.xml.resolver_1.2.0.v201005080400.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Version pom version 1.2.0 Highest
Version file version 1.2.0 Highest
Version central version 1.2.0 Highest
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:

org.eclipse.datatools.enablement.ibm.informix.dbdefinition-1.0.4.v201107221502.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.ibm.informix.dbdefinition\1.0.4.v201107221502\1587982c1ed42ca42e1fe02f1a3baf1faa4bcbb2\org.eclipse.datatools.enablement.ibm.informix.dbdefinition-1.0.4.v201107221502.jar
MD5: bd94b57db3ac938c9a517371dd9e8923
SHA1: 1587982c1ed42ca42e1fe02f1a3baf1faa4bcbb2
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name org.eclipse.datatools.enablement.ibm.informix.dbdefinition_1.0.4.v201107221502.jar High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor file name org.eclipse.datatools.enablement.ibm.informix.dbdefinition High
Vendor pom artifactid eclipse.datatools.enablement.ibm.informix.dbdefinition Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.ibm.informix.dbdefinition; singleton:=true Medium
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Product central artifactid org.eclipse.datatools.enablement.ibm.informix.dbdefinition Highest
Product pom artifactid eclipse.datatools.enablement.ibm.informix.dbdefinition Highest
Product pom name org.eclipse.datatools.enablement.ibm.informix.dbdefinition_1.0.4.v201107221502.jar High
Product gradle artifactid org.eclipse.datatools.enablement.ibm.informix.dbdefinition Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product file name org.eclipse.datatools.enablement.ibm.informix.dbdefinition High
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.ibm.informix.dbdefinition; singleton:=true Medium
Product pom description A component of the BIRT runtime Medium
Product Manifest Bundle-Name %pluginName Medium
Version central version 1.0.4.v201107221502 Highest
Version file version 1.0.4.v20110722 Highest
Version file name org.eclipse.datatools.enablement.ibm.informix.dbdefinition Medium
Version pom version 1.0.4.v201107221502 Highest
Version gradle version 1.0.4.v201107221502 Highest
Version Manifest Bundle-Version 1.0.4.v201107221502 High

org.eclipse.datatools.modelbase.sql-1.0.6.v201208230744.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.sql\1.0.6.v201208230744\731de727a1154c562038b045fa247716f68e93fe\org.eclipse.datatools.modelbase.sql-1.0.6.v201208230744.jar
MD5: b73d784c71179bd2ab08499c373cd2c0
SHA1: 731de727a1154c562038b045fa247716f68e93fe
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name modelbase Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom artifactid eclipse.datatools.modelbase.sql Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.modelbase.sql; singleton:=true Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor Manifest require-bundle org.eclipse.emf.ecore;bundle-version="[2.2.0,3.0.0)";visibility:=reexport Low
Vendor pom name org.eclipse.datatools.modelbase.sql_1.0.6.v201208230744.jar High
Vendor file name org.eclipse.datatools.modelbase.sql High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product jar package name modelbase Low
Product pom description A component of the BIRT runtime Medium
Product central artifactid org.eclipse.datatools.modelbase.sql Highest
Product jar package name sql Low
Product Manifest bundle-symbolicname org.eclipse.datatools.modelbase.sql; singleton:=true Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom artifactid eclipse.datatools.modelbase.sql Highest
Product Manifest require-bundle org.eclipse.emf.ecore;bundle-version="[2.2.0,3.0.0)";visibility:=reexport Low
Product gradle artifactid org.eclipse.datatools.modelbase.sql Highest
Product pom name org.eclipse.datatools.modelbase.sql_1.0.6.v201208230744.jar High
Product file name org.eclipse.datatools.modelbase.sql High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Product Manifest Bundle-Name %pluginName Medium
Version pom version 1.0.6.v201208230744 Highest
Version gradle version 1.0.6.v201208230744 Highest
Version Manifest Bundle-Version 1.0.6.v201208230744 High
Version file name org.eclipse.datatools.modelbase.sql Medium
Version file version 1.0.6.v20120823 Highest
Version central version 1.0.6.v201208230744 Highest
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:

org.w3c.dom.svg-1.1.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.w3c.dom.svg\1.1.0\9c6413ed43b4e9ba56982a554e03bd012cc44ed9\org.w3c.dom.svg-1.1.0.jar
MD5: dcf64eb5f94cf993600f30aac878d329
SHA1: 9c6413ed43b4e9ba56982a554e03bd012cc44ed9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4,J2SE-1.3,CDC-1.0/Foundation-1.0 Low
Vendor pom name org.w3c.dom.svg_1.1.0.v201011041433.jar High
Vendor file name org.w3c.dom.svg High
Vendor pom artifactid w3c.dom.svg Low
Vendor jar package name svg Low
Vendor Manifest bundle-symbolicname org.w3c.dom.svg Medium
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name dom Low
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name w3c Low
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest require-bundle org.w3c.dom.smil;bundle-version="[1.0.0,1.1.0)" Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4,J2SE-1.3,CDC-1.0/Foundation-1.0 Low
Product gradle artifactid org.w3c.dom.svg Highest
Product pom name org.w3c.dom.svg_1.1.0.v201011041433.jar High
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product file name org.w3c.dom.svg High
Product jar package name svg Low
Product Manifest bundle-symbolicname org.w3c.dom.svg Medium
Product pom description A component of the BIRT runtime Medium
Product jar package name dom Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom artifactid w3c.dom.svg Highest
Product central artifactid org.w3c.dom.svg Highest
Product Manifest require-bundle org.w3c.dom.smil;bundle-version="[1.0.0,1.1.0)" Low
Product Manifest Bundle-Name %pluginName Medium
Version pom version 1.1.0 Highest
Version file version 1.1.0 Highest
Version central version 1.1.0 Highest
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:

org.apache.batik.dom.svg-1.6.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.dom.svg\1.6.0\ce507ddef394d6c6771bc8692c7db6afb1da4fa0\org.apache.batik.dom.svg-1.6.0.jar
MD5: e3093fc8645d18d9241c1db7b9064e32
SHA1: ce507ddef394d6c6771bc8692c7db6afb1da4fa0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom artifactid apache.batik.dom.svg Low
Vendor pom name org.apache.batik.dom.svg_1.6.0.v201011041432.jar High
Vendor file name org.apache.batik.dom.svg High
Vendor Manifest require-bundle org.apache.batik.css;bundle-version="[1.6.0,1.7.0)",org.apache.batik.dom;bundle-version="[1.6.0,1.7.0)",org.apache.batik.parser;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.w3c.css.sac;bundle-version="[1.3.0,1.4.0)",org.w3c.dom.smil;bundle-version="[1.0.0,1.1.0)",org.w3c.dom.svg;bundle-version="[1.1.0,1.3.0)" Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name dom Low
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name batik Low
Vendor Manifest bundle-symbolicname org.apache.batik.dom.svg Medium
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4,J2SE-1.3 Low
Product gradle artifactid org.apache.batik.dom.svg Highest
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product jar package name svg Low
Product pom name org.apache.batik.dom.svg_1.6.0.v201011041432.jar High
Product file name org.apache.batik.dom.svg High
Product Manifest require-bundle org.apache.batik.css;bundle-version="[1.6.0,1.7.0)",org.apache.batik.dom;bundle-version="[1.6.0,1.7.0)",org.apache.batik.parser;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.w3c.css.sac;bundle-version="[1.3.0,1.4.0)",org.w3c.dom.smil;bundle-version="[1.0.0,1.1.0)",org.w3c.dom.svg;bundle-version="[1.1.0,1.3.0)" Low
Product pom description A component of the BIRT runtime Medium
Product jar package name dom Low
Product central artifactid org.apache.batik.dom.svg Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product jar package name batik Low
Product Manifest bundle-symbolicname org.apache.batik.dom.svg Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4,J2SE-1.3 Low
Product pom artifactid apache.batik.dom.svg Highest
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.6.0 Highest
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2015-0250
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Vulnerable Software & Versions:
CVE-2017-5662
Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
Vulnerable Software & Versions:

org.apache.batik.ext.awt-1.6.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.ext.awt\1.6.0\4df20bee143553a89b26bc06411eb4dcf44ec18e\org.apache.batik.ext.awt-1.6.0.jar
MD5: 66ec3f38f8f1ab368acd97dea9d554a5
SHA1: 4df20bee143553a89b26bc06411eb4dcf44ec18e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor Manifest bundle-symbolicname org.apache.batik.ext.awt Medium
Vendor Manifest require-bundle org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util.gui;bundle-version="[1.6.0,1.7.0)" Low
Vendor file name org.apache.batik.ext.awt High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor pom name org.apache.batik.ext.awt_1.6.0.v201011041432.jar High
Vendor pom artifactid apache.batik.ext.awt Low
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name batik Low
Vendor jar package name ext Low
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product Manifest bundle-symbolicname org.apache.batik.ext.awt Medium
Product pom artifactid apache.batik.ext.awt Highest
Product Manifest require-bundle org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util.gui;bundle-version="[1.6.0,1.7.0)" Low
Product file name org.apache.batik.ext.awt High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product pom description A component of the BIRT runtime Medium
Product jar package name awt Low
Product pom name org.apache.batik.ext.awt_1.6.0.v201011041432.jar High
Product gradle artifactid org.apache.batik.ext.awt Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product jar package name batik Low
Product jar package name ext Low
Product central artifactid org.apache.batik.ext.awt Highest
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.6.0 Highest
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2015-0250
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
Vulnerable Software & Versions:
CVE-2017-5662
Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
Vulnerable Software & Versions:

org.mozilla.javascript-1.7.2.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.mozilla.javascript\1.7.2\b520e18bd357a47deb2e902ce49533564236219b\org.mozilla.javascript-1.7.2.jar
MD5: ec441f8787033e99da1eb599e021dc78
SHA1: b520e18bd357a47deb2e902ce49533564236219b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name org.mozilla.javascript High
Vendor pom artifactid mozilla.javascript Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom name js.jar High
Vendor jar package name javascript Low
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name mozilla Low
Vendor Manifest bundle-symbolicname org.mozilla.javascript Medium
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product gradle artifactid org.mozilla.javascript Highest
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product file name org.mozilla.javascript High
Product central artifactid org.mozilla.javascript Highest
Product pom description A component of the BIRT runtime Medium
Product Manifest Bundle-Name %Bundle-Name.0 Medium
Product pom artifactid mozilla.javascript Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom name js.jar High
Product jar package name javascript Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product Manifest bundle-symbolicname org.mozilla.javascript Medium
Version pom version 1.7.2 Highest
Version file version 1.7.2 Highest
Version central version 1.7.2 Highest

org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.postgresql\1.1.1.v201205252207\ddd733b059a41aa86aceed5344d1b4799802f5c0\org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jar
MD5: 0e1243739661726d3a98234922777ee9
SHA1: ddd733b059a41aa86aceed5344d1b4799802f5c0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name enablement Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor pom name org.eclipse.datatools.enablement.postgresql_1.1.1.v201205252207.jar High
Vendor file name org.eclipse.datatools.enablement.postgresql High
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.postgresql;singleton:=true Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom artifactid eclipse.datatools.enablement.postgresql Low
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity;bundle-version="[0.9.1,1.5.0)",org.eclipse.datatools.connectivity.db.generic;bundle-version="[0.9.1,1.5.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[0.9.1,1.5.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)" Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product gradle artifactid org.eclipse.datatools.enablement.postgresql Highest
Product central artifactid org.eclipse.datatools.enablement.postgresql Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name enablement Low
Product pom name org.eclipse.datatools.enablement.postgresql_1.1.1.v201205252207.jar High
Product file name org.eclipse.datatools.enablement.postgresql High
Product jar package name postgresql Low
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.postgresql;singleton:=true Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.connectivity;bundle-version="[0.9.1,1.5.0)",org.eclipse.datatools.connectivity.db.generic;bundle-version="[0.9.1,1.5.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[0.9.1,1.5.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)" Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product pom artifactid eclipse.datatools.enablement.postgresql Highest
Product jar package name datatools Low
Product Manifest Bundle-Name %pluginName Medium
Version file name org.eclipse.datatools.enablement.postgresql Medium
Version central version 1.1.1.v201205252207 Highest
Version file version 1.1.1.v20120525 Highest
Version gradle version 1.1.1.v201205252207 Highest
Version Manifest Bundle-Version 1.1.1.v201205252207 High
Version pom version 1.1.1.v201205252207 Highest
Published Vulnerabilities
CVE-2007-2138
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Vulnerable Software & Versions:
CVE-2007-4772
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
Vulnerable Software & Versions:
CVE-2010-0733
Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
Vulnerable Software & Versions:
CVE-2014-0060
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
Vulnerable Software & Versions:
CVE-2014-0061
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
Vulnerable Software & Versions:
CVE-2014-0062
Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
Vulnerable Software & Versions:
CVE-2014-0063
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
Vulnerable Software & Versions:
CVE-2014-0064
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors
Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
Vulnerable Software & Versions:
CVE-2014-0065
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.
Vulnerable Software & Versions:
CVE-2014-0066
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
Vulnerable Software & Versions:
CVE-2014-0067
Severity: Medium
CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
CVE-2015-3165
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
CVE-2015-5288
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-200 Information Exposure
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
CVE-2015-5289
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple stack-based buffer overflows in json parsing in PostgreSQL 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
CVE-2016-0766
Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
CVE-2016-0768
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
CVE-2016-0773
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
CVE-2016-5423
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-476 NULL Pointer Dereference
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
CVE-2016-5424
Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
CVE-2017-7484
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
org.apache.batik.transcoder-1.6.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.transcoder\1.6.0\fc5d9326a3195f15781d2fcea862ec1767e30ebf\org.apache.batik.transcoder-1.6.0.jar
MD5: 68731962320372175c3b07cc97ab155b
SHA1: fc5d9326a3195f15781d2fcea862ec1767e30ebf
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom name org.apache.batik.transcoder_1.6.0.v201011041432.jar High
Vendor pom artifactid apache.batik.transcoder Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest bundle-symbolicname org.apache.batik.transcoder Medium
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name transcoder Low
Vendor jar package name batik Low
Vendor Manifest require-bundle org.apache.batik.bridge;bundle-version="[1.6.0,1.7.0)",org.apache.batik.dom;bundle-version="[1.6.0,1.7.0)",org.apache.batik.dom.svg;bundle-version="[1.6.0,1.7.0)",org.apache.batik.ext.awt;bundle-version="[1.6.0,1.7.0)",org.apache.batik.svggen;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.apache.batik.xml;bundle-version="[1.6.0,1.7.0)",org.w3c.dom.svg;bundle-version="[1.1.0,1.3.0)" Low
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor file name org.apache.batik.transcoder High
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product pom artifactid apache.batik.transcoder Highest
Product pom name org.apache.batik.transcoder_1.6.0.v201011041432.jar High
Product central artifactid org.apache.batik.transcoder Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product pom description A component of the BIRT runtime Medium
Product Manifest bundle-symbolicname org.apache.batik.transcoder Medium
Product jar package name transcoder Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product gradle artifactid org.apache.batik.transcoder Highest
Product jar package name batik Low
Product Manifest require-bundle org.apache.batik.bridge;bundle-version="[1.6.0,1.7.0)",org.apache.batik.dom;bundle-version="[1.6.0,1.7.0)",org.apache.batik.dom.svg;bundle-version="[1.6.0,1.7.0)",org.apache.batik.ext.awt;bundle-version="[1.6.0,1.7.0)",org.apache.batik.svggen;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.apache.batik.xml;bundle-version="[1.6.0,1.7.0)",org.w3c.dom.svg;bundle-version="[1.1.0,1.3.0)" Low
Product file name org.apache.batik.transcoder High
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.6.0 Highest
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2015-0250
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
CVE-2017-5662
Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within an XML document can trivially trigger an amplification attack.
org.eclipse.datatools.connectivity.apache.derby.dbdefinition-1.0.2.v201107221459.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.apache.derby.dbdefinition\1.0.2.v201107221459\be66d744ac0e8f011055c37eb6c0b0b8de2d0978\org.eclipse.datatools.connectivity.apache.derby.dbdefinition-1.0.2.v201107221459.jar
MD5: 4d3e4a2cbaabc2bfa5aefb557d61ae37
SHA1: be66d744ac0e8f011055c37eb6c0b0b8de2d0978
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name org.eclipse.datatools.connectivity.apache.derby.dbdefinition_1.0.2.v201107221459.jar High
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity.apache.derby.dbdefinition;singleton:=true Medium
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.datatools.connectivity.apache.derby.dbdefinition Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor file name org.eclipse.datatools.connectivity.apache.derby.dbdefinition High
Vendor pom groupid eclipse.birt.runtime Highest
Product pom name org.eclipse.datatools.connectivity.apache.derby.dbdefinition_1.0.2.v201107221459.jar High
Product gradle artifactid org.eclipse.datatools.connectivity.apache.derby.dbdefinition Highest
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity.apache.derby.dbdefinition;singleton:=true Medium
Product central artifactid org.eclipse.datatools.connectivity.apache.derby.dbdefinition Highest
Product pom artifactid eclipse.datatools.connectivity.apache.derby.dbdefinition Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product pom description A component of the BIRT runtime Medium
Product file name org.eclipse.datatools.connectivity.apache.derby.dbdefinition High
Product Manifest Bundle-Name %pluginName Medium
Version central version 1.0.2.v201107221459 Highest
Version file version 1.0.2.v20110722 Highest
Version file name org.eclipse.datatools.connectivity.apache.derby.dbdefinition Medium
Version pom version 1.0.2.v201107221459 Highest
Version gradle version 1.0.2.v201107221459 Highest
Version Manifest Bundle-Version 1.0.2.v201107221459 High
Published Vulnerabilities
CVE-2005-4849
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
CVE-2009-4269
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
org.eclipse.datatools.enablement.oracle-1.0.0.v201107221506.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oracle\1.0.0.v201107221506\5628f462cfa241fff7b11f1df4c21802f174dd08\org.eclipse.datatools.enablement.oracle-1.0.0.v201107221506.jar
MD5: 4be65c4c38bee9128501d3169da945b2
SHA1: 5628f462cfa241fff7b11f1df4c21802f174dd08
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name org.eclipse.datatools.enablement.oracle_1.0.0.v201107221506.jar High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest require-bundle org.eclipse.datatools.connectivity;bundle-version="[1.0.1,2.0.0)" Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name enablement Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom artifactid eclipse.datatools.enablement.oracle Low
Vendor file name org.eclipse.datatools.enablement.oracle High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.oracle;singleton:=true Medium
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product pom name org.eclipse.datatools.enablement.oracle_1.0.0.v201107221506.jar High
Product Manifest require-bundle org.eclipse.datatools.connectivity;bundle-version="[1.0.1,2.0.0)" Low
Product pom description A component of the BIRT runtime Medium
Product jar package name enablement Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product jar package name internal Low
Product central artifactid org.eclipse.datatools.enablement.oracle Highest
Product file name org.eclipse.datatools.enablement.oracle High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product pom artifactid eclipse.datatools.enablement.oracle Highest
Product gradle artifactid org.eclipse.datatools.enablement.oracle Highest
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.oracle;singleton:=true Medium
Product jar package name datatools Low
Product Manifest Bundle-Name %pluginName Medium
Version gradle version 1.0.0.v201107221506 Highest
Version pom version 1.0.0.v201107221506 Highest
Version Manifest Bundle-Version 1.0.0.v201107221506 High
Version file version 1.0.0.v20110722 Highest
Version central version 1.0.0.v201107221506 Highest
Version file name org.eclipse.datatools.enablement.oracle Medium
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
org.apache.batik.util-1.6.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.util\1.6.0\74aafd6361820f7e67474e78b16fd4365d1a58a\org.apache.batik.util-1.6.0.jar
MD5: 3db4ec82c64ef8c985a818dc0fcde67e
SHA1: 074aafd6361820f7e67474e78b16fd4365d1a58a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name org.apache.batik.util High
Vendor jar package name apache Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor Manifest require-bundle org.apache.batik.util.gui;bundle-version="[1.6.0,1.7.0)" Low
Vendor pom name org.apache.batik.util_1.6.0.v201011041432.jar High
Vendor Manifest bundle-symbolicname org.apache.batik.util Medium
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor pom artifactid apache.batik.util Low
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name util Low
Vendor jar package name batik Low
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product pom artifactid apache.batik.util Highest
Product file name org.apache.batik.util High
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product gradle artifactid org.apache.batik.util Highest
Product central artifactid org.apache.batik.util Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product pom description A component of the BIRT runtime Medium
Product Manifest require-bundle org.apache.batik.util.gui;bundle-version="[1.6.0,1.7.0)" Low
Product pom name org.apache.batik.util_1.6.0.v201011041432.jar High
Product Manifest bundle-symbolicname org.apache.batik.util Medium
Product jar package name util Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product jar package name batik Low
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.6.0 Highest
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2015-0250
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
CVE-2017-5662
Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within an XML document can trivially trigger an amplification attack.
org.eclipse.datatools.enablement.oracle.dbdefinition-1.0.103.v201206010214.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.oracle.dbdefinition\1.0.103.v201206010214\af90f9d09101fb165a260896477c01385b6c8fd1\org.eclipse.datatools.enablement.oracle.dbdefinition-1.0.103.v201206010214.jar
MD5: f7cd9df4d5a76c851f3097996214862b
SHA1: af90f9d09101fb165a260896477c01385b6c8fd1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name org.eclipse.datatools.enablement.oracle.dbdefinition_1.0.103.v201206010214.jar High
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.oracle.dbdefinition; singleton:=true Medium
Vendor file name org.eclipse.datatools.enablement.oracle.dbdefinition High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom artifactid eclipse.datatools.enablement.oracle.dbdefinition Low
Vendor pom groupid eclipse.birt.runtime Highest
Product central artifactid org.eclipse.datatools.enablement.oracle.dbdefinition Highest
Product pom name org.eclipse.datatools.enablement.oracle.dbdefinition_1.0.103.v201206010214.jar High
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.oracle.dbdefinition; singleton:=true Medium
Product file name org.eclipse.datatools.enablement.oracle.dbdefinition High
Product pom artifactid eclipse.datatools.enablement.oracle.dbdefinition Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product gradle artifactid org.eclipse.datatools.enablement.oracle.dbdefinition Highest
Product pom description A component of the BIRT runtime Medium
Product Manifest Bundle-Name %pluginName Medium
Version pom version 1.0.103.v201206010214 Highest
Version gradle version 1.0.103.v201206010214 Highest
Version Manifest Bundle-Version 1.0.103.v201206010214 High
Version file version 1.0.103.v20120601 Highest
Version file name org.eclipse.datatools.enablement.oracle.dbdefinition Medium
Version central version 1.0.103.v201206010214 Highest
Published Vulnerabilities
CVE-2009-4521
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
org.apache.batik.xml-1.6.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.xml\1.6.0\8b3fbec88190a39eae4de5088a1199f23526258e\org.apache.batik.xml-1.6.0.jar
MD5: 4291f7898be4dcba99ba8dacfb8e9122
SHA1: 8b3fbec88190a39eae4de5088a1199f23526258e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.apache.batik.xml Medium
Vendor jar package name apache Low
Vendor pom artifactid apache.batik.xml Low
Vendor pom name org.apache.batik.xml_1.6.0.v201011041432.jar High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name xml Low
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor file name org.apache.batik.xml High
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name batik Low
Vendor Manifest require-bundle org.apache.batik.util;bundle-version="[1.6.0,1.7.0)" Low
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product Manifest bundle-symbolicname org.apache.batik.xml Medium
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product pom artifactid apache.batik.xml Highest
Product pom name org.apache.batik.xml_1.6.0.v201011041432.jar High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product pom description A component of the BIRT runtime Medium
Product jar package name xml Low
Product file name org.apache.batik.xml High
Product gradle artifactid org.apache.batik.xml Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product jar package name batik Low
Product Manifest require-bundle org.apache.batik.util;bundle-version="[1.6.0,1.7.0)" Low
Product Manifest Bundle-Name %pluginName Medium
Product central artifactid org.apache.batik.xml Highest
Version file version 1.6.0 Highest
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2015-0250
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
CVE-2017-5662
Severity: High
CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses Batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root, a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within an XML document can trivially trigger an amplification attack.
org.apache.xml.serializer-2.7.1.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.xml.serializer\2.7.1\a8508e22414c8e12cdfdc42b25a7c7efa4004556\org.apache.xml.serializer-2.7.1.jar
MD5: 6bfe11d68939f35a28c21d309835adc3
SHA1: a8508e22414c8e12cdfdc42b25a7c7efa4004556
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom artifactid apache.xml.serializer Low
Vendor file name org.apache.xml.serializer High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.2 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name xml Low
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name serializer Low
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest bundle-symbolicname org.apache.xml.serializer Medium
Vendor pom name org.apache.xml.serializer_2.7.1.v201005080400.jar High
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product gradle artifactid org.apache.xml.serializer Highest
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product file name org.apache.xml.serializer High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.2 Low
Product pom artifactid apache.xml.serializer Highest
Product pom description A component of the BIRT runtime Medium
Product jar package name xml Low
Product Manifest Bundle-Name %Bundle-Name.0 Medium
Product central artifactid org.apache.xml.serializer Highest
Product jar package name serializer Low
Product Manifest bundle-symbolicname org.apache.xml.serializer Medium
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom name org.apache.xml.serializer_2.7.1.v201005080400.jar High
Version pom version 2.7.1 Highest
Version file version 2.7.1 Highest
Version central version 2.7.1 Highest
org.apache.xerces-2.9.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.xerces\2.9.0\615a1b724b88b81e8a040ec148fd25368f7b48e5\org.apache.xerces-2.9.0.jar
MD5: 99108dc0a0b108c5f3651f97bdc22084
SHA1: 615a1b724b88b81e8a040ec148fd25368f7b48e5
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor Manifest bundle-symbolicname org.apache.xerces Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.2 Low
Vendor pom name org.apache.xerces_2.9.0.v201101211617.jar High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor Manifest require-bundle system.bundle,javax.xml;bundle-version="[1.3.4,2.0.0)";visibility:=reexport,org.apache.xml.resolver;bundle-version="[1.2.0,2.0.0)";visibility:=reexport,org.apache.xml.serializer;bundle-version="[2.7.1,3.0.0)" Low
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor pom artifactid apache.xerces Low
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name xerces Low
Vendor file name org.apache.xerces High
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product Manifest bundle-symbolicname org.apache.xerces Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.2 Low
Product pom artifactid apache.xerces Highest
Product pom name org.apache.xerces_2.9.0.v201101211617.jar High
Product pom description A component of the BIRT runtime Medium
Product Manifest require-bundle system.bundle,javax.xml;bundle-version="[1.3.4,2.0.0)";visibility:=reexport,org.apache.xml.resolver;bundle-version="[1.2.0,2.0.0)";visibility:=reexport,org.apache.xml.serializer;bundle-version="[2.7.1,3.0.0)" Low
Product Manifest Bundle-Name %Bundle-Name.0 Medium
Product central artifactid org.apache.xerces Highest
Product gradle artifactid org.apache.xerces Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product jar package name xerces Low
Product file name org.apache.xerces High
Version pom version 2.9.0 Highest
Version file version 2.9.0 Highest
Version central version 2.9.0 Highest
org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.sql.query\1.1.4.v201212120619\663bfc41efd6030a37f7e6e7baf3b259606c1bcc\org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jar
MD5: c5bdb5c33253c78e9cf3fceb476357f2
SHA1: 663bfc41efd6030a37f7e6e7baf3b259606c1bcc
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name org.eclipse.datatools.modelbase.sql.query High
Vendor jar package name modelbase Low
Vendor Manifest bundle-symbolicname org.eclipse.datatools.modelbase.sql.query; singleton:=true Medium
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)";visibility:=reexport Low
Vendor pom name org.eclipse.datatools.modelbase.sql.query_1.1.4.v201212120619.jar High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom artifactid eclipse.datatools.modelbase.sql.query Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product pom artifactid eclipse.datatools.modelbase.sql.query Highest
Product file name org.eclipse.datatools.modelbase.sql.query High
Product jar package name modelbase Low
Product Manifest bundle-symbolicname org.eclipse.datatools.modelbase.sql.query; singleton:=true Medium
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)";visibility:=reexport Low
Product gradle artifactid org.eclipse.datatools.modelbase.sql.query Highest
Product central artifactid org.eclipse.datatools.modelbase.sql.query Highest
Product pom name org.eclipse.datatools.modelbase.sql.query_1.1.4.v201212120619.jar High
Product pom description A component of the BIRT runtime Medium
Product jar package name sql Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Product Manifest Bundle-Name %pluginName Medium
Version file name org.eclipse.datatools.modelbase.sql.query Medium
Version central version 1.1.4.v201212120619 Highest
Version pom version 1.1.4.v201212120619 Highest
Version file version 1.1.4.v20121212 Highest
Version gradle version 1.1.4.v201212120619 Highest
Version Manifest Bundle-Version 1.1.4.v201212120619 High
Published Vulnerabilities
CVE-2009-4521
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.datatools.modelbase.dbdefinition-1.0.2.v201107221519.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.modelbase.dbdefinition\1.0.2.v201107221519\725b5a9cbd280b8e6c9a6fd32cbe44bf1aae10a3\org.eclipse.datatools.modelbase.dbdefinition-1.0.2.v201107221519.jar
MD5: 8bf72752aec7975cbe3fc13a56137975
SHA1: 725b5a9cbd280b8e6c9a6fd32cbe44bf1aae10a3
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name modelbase Low
Vendor Manifest require-bundle org.eclipse.emf.ecore;bundle-version="[2.2.0,3.0.0)";visibility:=reexport,org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)" Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.modelbase.dbdefinition; singleton:=true Medium
Vendor pom artifactid eclipse.datatools.modelbase.dbdefinition Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor file name org.eclipse.datatools.modelbase.dbdefinition High
Vendor pom name org.eclipse.datatools.modelbase.dbdefinition_1.0.2.v201107221519.jar High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product jar package name modelbase Low
Product pom artifactid eclipse.datatools.modelbase.dbdefinition Highest
Product Manifest require-bundle org.eclipse.emf.ecore;bundle-version="[2.2.0,3.0.0)";visibility:=reexport,org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)" Low
Product gradle artifactid org.eclipse.datatools.modelbase.dbdefinition Highest
Product Manifest bundle-symbolicname org.eclipse.datatools.modelbase.dbdefinition; singleton:=true Medium
Product central artifactid org.eclipse.datatools.modelbase.dbdefinition Highest
Product pom description A component of the BIRT runtime Medium
Product file name org.eclipse.datatools.modelbase.dbdefinition High
Product pom name org.eclipse.datatools.modelbase.dbdefinition_1.0.2.v201107221519.jar High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name dbdefinition Low
Product jar package name datatools Low
Product Manifest Bundle-Name %pluginName Medium
Version pom version 1.0.2.v201107221519 Highest
Version file name org.eclipse.datatools.modelbase.dbdefinition Medium
Version central version 1.0.2.v201107221519 Highest
Version file version 1.0.2.v20110722 Highest
Version gradle version 1.0.2.v201107221519 Highest
Version Manifest Bundle-Version 1.0.2.v201107221519 High
Published Vulnerabilities
CVE-2009-4521
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.datatools.enablement.mysql.dbdefinition-1.0.4.v201109022331.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.mysql.dbdefinition\1.0.4.v201109022331\7b1abc387591d4a9427bb13344243a220a5d751b\org.eclipse.datatools.enablement.mysql.dbdefinition-1.0.4.v201109022331.jar
MD5: dfa223ea33f41fe22cf29c3e57248628
SHA1: 7b1abc387591d4a9427bb13344243a220a5d751b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.mysql.dbdefinition; singleton:=true Medium
Vendor pom artifactid eclipse.datatools.enablement.mysql.dbdefinition Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor file name org.eclipse.datatools.enablement.mysql.dbdefinition High
Vendor pom name org.eclipse.datatools.enablement.mysql.dbdefinition_1.0.4.v201109022331.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Product gradle artifactid org.eclipse.datatools.enablement.mysql.dbdefinition Highest
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.mysql.dbdefinition; singleton:=true Medium
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product file name org.eclipse.datatools.enablement.mysql.dbdefinition High
Product pom name org.eclipse.datatools.enablement.mysql.dbdefinition_1.0.4.v201109022331.jar High
Product central artifactid org.eclipse.datatools.enablement.mysql.dbdefinition Highest
Product pom artifactid eclipse.datatools.enablement.mysql.dbdefinition Highest
Product pom description A component of the BIRT runtime Medium
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.0.4.v20110902 Highest
Version central version 1.0.4.v201109022331 Highest
Version gradle version 1.0.4.v201109022331 Highest
Version Manifest Bundle-Version 1.0.4.v201109022331 High
Version pom version 1.0.4.v201109022331 Highest
Version file name org.eclipse.datatools.enablement.mysql.dbdefinition Medium
Published Vulnerabilities
CVE-2001-0407
Severity:
Medium
CVSS Score: 4.6
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
Vulnerable Software & Versions:
CVE-2001-1274
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
Vulnerable Software & Versions:
CVE-2001-1275
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
Vulnerable Software & Versions:
CVE-2001-1454
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.
Vulnerable Software & Versions:
CVE-2003-1331
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:H/Au:N/C:N/I:P/A:P)
Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
Vulnerable Software & Versions:
CVE-2004-0457
Severity:
Medium
CVSS Score: 4.6
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Vulnerable Software & Versions:
CVE-2004-0835
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.
Vulnerable Software & Versions:
CVE-2004-0836
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).
Vulnerable Software & Versions:
CVE-2004-0837
Severity:
Low
CVSS Score: 2.6
(AV:N/AC:H/Au:N/C:N/I:N/A:P)
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.
Vulnerable Software & Versions:
CVE-2006-7232
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
Vulnerable Software & Versions:
CVE-2007-1420
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
Vulnerable Software & Versions:
CVE-2007-2583
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
Vulnerable Software & Versions:
CVE-2007-2691
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:N/I:P/A:P)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
Vulnerable Software & Versions:
CVE-2007-5925
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Vulnerable Software & Versions:
CVE-2008-2079
Severity:
Medium
CVSS Score: 4.6
(AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
Vulnerable Software & Versions:
CVE-2009-0819
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
Vulnerable Software & Versions:
CVE-2009-4028
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
Vulnerable Software & Versions:
CVE-2010-1621
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
Vulnerable Software & Versions:
CVE-2010-1626
Severity:
Low
CVSS Score: 3.6
(AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
Vulnerable Software & Versions:
CVE-2010-2008
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
Vulnerable Software & Versions:
CVE-2010-3677
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
Vulnerable Software & Versions:
CVE-2010-3682
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
Vulnerable Software & Versions:
CVE-2012-5627
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Vulnerable Software & Versions:
CVE-2013-0375
Severity:
Medium
CVSS Score: 5.5
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Vulnerable Software & Versions:
CVE-2014-9906
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-416 Use After Free
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
Vulnerable Software & Versions:
CVE-2015-2575
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
Vulnerable Software & Versions:
CVE-2016-1246
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
Vulnerable Software & Versions:
CVE-2017-10788
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-416 Use After Free
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.
Vulnerable Software & Versions:
CVE-2017-10789
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
Vulnerable Software & Versions:
org.eclipse.orbit.mongodb-2.10.1.v20130422-1135.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.orbit.mongodb\2.10.1.v20130422-1135\98f0232dc80679a3f5c1effe15344dc7ceac98dc\org.eclipse.orbit.mongodb-2.10.1.v20130422-1135.jar
MD5: aeb824a874797d3ce55dec345ab6d44c
SHA1: 98f0232dc80679a3f5c1effe15344dc7ceac98dc
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.eclipse.orbit.mongodb Medium
Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Vendor file name org.eclipse.orbit.mongodb High
Vendor jar package name mongodb Low
Vendor pom name org.eclipse.orbit.mongodb_2.10.1.v20130422-1135.jar High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom artifactid eclipse.orbit.mongodb Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Product Manifest bundle-symbolicname org.eclipse.orbit.mongodb Medium
Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low
Product gradle artifactid org.eclipse.orbit.mongodb Highest
Product file name org.eclipse.orbit.mongodb High
Product Manifest Bundle-Name %Bundle-Name Medium
Product pom name org.eclipse.orbit.mongodb_2.10.1.v20130422-1135.jar High
Product pom artifactid eclipse.orbit.mongodb Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product central artifactid org.eclipse.orbit.mongodb Highest
Product pom description A component of the BIRT runtime Medium
Version gradle version 2.10.1.v20130422-1135 Highest
Version pom version 2.10.1.v20130422-1135 Highest
Version Manifest Bundle-Version 2.10.1.v20130422-1135 High
Version central version 2.10.1.v20130422-1135 Highest
Version file version 2.10.1.v20130422 Highest
Version file name org.eclipse.orbit.mongodb Medium
Published Vulnerabilities
CVE-2014-8180
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-287 Improper Authentication
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
Vulnerable Software & Versions:
CVE-2016-6494
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
Vulnerable Software & Versions:
javax.wsdl-1.5.1.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\javax.wsdl\1.5.1\29ec6b1964b05d6ff9728226d2a1e61fab3ac95c\javax.wsdl-1.5.1.jar
MD5: bf0c1e9a2431ee46940855f7c92628d8
SHA1: 29ec6b1964b05d6ff9728226d2a1e61fab3ac95c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname javax.wsdl Medium
Vendor jar package name wsdl Low
Vendor jar package name extensions Low
Vendor Manifest require-bundle org.apache.xerces;bundle-version="[2.8.0,3.0.0)";resolution:=optional Low
Vendor jar package name ibm Low
Vendor pom name javax.wsdl_1.5.1.v201012040544.jar High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.2 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor pom artifactid javax.wsdl Low
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest Implementation-Vendor IBM High
Vendor Manifest specification-vendor IBM (Java Community Process) Low
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor file name javax.wsdl High
Product Manifest bundle-symbolicname javax.wsdl Medium
Product jar package name wsdl Low
Product jar package name extensions Low
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product Manifest Implementation-Title WSDL4J High
Product Manifest require-bundle org.apache.xerces;bundle-version="[2.8.0,3.0.0)";resolution:=optional Low
Product pom name javax.wsdl_1.5.1.v201012040544.jar High
Product central artifactid javax.wsdl Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.2 Low
Product pom artifactid javax.wsdl Highest
Product pom description A component of the BIRT runtime Medium
Product Manifest Bundle-Name %Bundle-Name.0 Medium
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product gradle artifactid javax.wsdl Highest
Product Manifest specification-title JWSDL Medium
Product file name javax.wsdl High
Version file version 1.5.1 Highest
Version Manifest Implementation-Version 1.5.1 High
Version pom version 1.5.1 Highest
Version central version 1.5.1 Highest
Published Vulnerabilities
CVE-2009-4521
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
Tidy-1.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\Tidy\1\63b1e38f4ca630dbac3d2072cda2a9336914d10c\Tidy-1.jar
MD5: 00418be9ec69f7f9a2dda911a1e77eaf
SHA1: 63b1e38f4ca630dbac3d2072cda2a9336914d10c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name w3c Low
Vendor jar package name tidy Low
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor pom artifactid Tidy Low
Vendor pom name Tidy.jar High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor file name Tidy-1 High
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product central artifactid Tidy Highest
Product jar package name tidy Low
Product gradle artifactid Tidy Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom name Tidy.jar High
Product pom description A component of the BIRT runtime Medium
Product file name Tidy-1 High
Product pom artifactid Tidy Highest
Version pom version 1 Highest
Version central version 1 Highest
Version file version 1 Medium
Published Vulnerabilities
CVE-2009-4521
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.datatools.enablement.postgresql.dbdefinition-1.0.2.v201110070445.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.postgresql.dbdefinition\1.0.2.v201110070445\8021bc614192f060a880cc407aba8adcfea6fb7f\org.eclipse.datatools.enablement.postgresql.dbdefinition-1.0.2.v201110070445.jar
MD5: 505940588e48631bd378b83030fa966e
SHA1: 8021bc614192f060a880cc407aba8adcfea6fb7f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name org.eclipse.datatools.enablement.postgresql.dbdefinition_1.0.2.v201110070445.jar High
Vendor pom artifactid eclipse.datatools.enablement.postgresql.dbdefinition Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.postgresql.dbdefinition; singleton:=true Medium
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor file name org.eclipse.datatools.enablement.postgresql.dbdefinition High
Vendor pom groupid eclipse.birt.runtime Highest
Product pom name org.eclipse.datatools.enablement.postgresql.dbdefinition_1.0.2.v201110070445.jar High
Product central artifactid org.eclipse.datatools.enablement.postgresql.dbdefinition Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.postgresql.dbdefinition; singleton:=true Medium
Product pom groupid eclipse.birt.runtime Low
Product gradle artifactid org.eclipse.datatools.enablement.postgresql.dbdefinition Highest
Product pom artifactid eclipse.datatools.enablement.postgresql.dbdefinition Highest
Product pom description A component of the BIRT runtime Medium
Product file name org.eclipse.datatools.enablement.postgresql.dbdefinition High
Product Manifest Bundle-Name %pluginName Medium
Version file name org.eclipse.datatools.enablement.postgresql.dbdefinition Medium
Version gradle version 1.0.2.v201110070445 Highest
Version central version 1.0.2.v201110070445 Highest
Version Manifest Bundle-Version 1.0.2.v201110070445 High
Version pom version 1.0.2.v201110070445 Highest
Version file version 1.0.2.v20111007 Highest
Published Vulnerabilities
CVE-2007-2138
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Vulnerable Software & Versions:
CVE-2007-4772
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
Vulnerable Software & Versions:
CVE-2010-0733
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
Vulnerable Software & Versions:
CVE-2014-0060
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
Vulnerable Software & Versions:
CVE-2014-0061
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
Vulnerable Software & Versions:
CVE-2014-0062
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
Vulnerable Software & Versions:
CVE-2014-0063
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
Vulnerable Software & Versions:
CVE-2014-0064
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-189 Numeric Errors
Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
Vulnerable Software & Versions:
CVE-2014-0065
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.
Vulnerable Software & Versions:
CVE-2014-0066
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
Vulnerable Software & Versions:
CVE-2014-0067
Severity:
Medium
CVSS Score: 4.6
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
Vulnerable Software & Versions:
CVE-2015-3165
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
Vulnerable Software & Versions:
CVE-2015-5288
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-200 Information Exposure
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
Vulnerable Software & Versions:
CVE-2015-5289
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
Vulnerable Software & Versions:
CVE-2016-0766
Severity:
High
CVSS Score: 9.0
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
Vulnerable Software & Versions:
CVE-2016-0768
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
Vulnerable Software & Versions:
CVE-2016-0773
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
Vulnerable Software & Versions:
CVE-2016-5423
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-476 NULL Pointer Dereference
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
Vulnerable Software & Versions:
CVE-2016-5424
Severity:
Medium
CVSS Score: 4.6
(AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
Vulnerable Software & Versions:
CVE-2017-7484
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
Vulnerable Software & Versions:
org.w3c.css.sac-1.3.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.w3c.css.sac\1.3.0\8dfb0e08c19f3b47290096d27ab71ed4f2a5000a\org.w3c.css.sac-1.3.0.jar
MD5: 5e7f05aba6c35250a6f0345a5f9c8ca0
SHA1: 8dfb0e08c19f3b47290096d27ab71ed4f2a5000a
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3,CDC-1.0/Foundation-1.0 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom artifactid w3c.css.sac Low
Vendor Manifest bundle-symbolicname org.w3c.css.sac Medium
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor pom name org.w3c.css.sac_1.3.0.v200805290154.jar High
Vendor jar package name w3c Low
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name sac Low
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor file name org.w3c.css.sac High
Vendor jar package name css Low
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product central artifactid org.w3c.css.sac Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3,CDC-1.0/Foundation-1.0 Low
Product pom description A component of the BIRT runtime Medium
Product Manifest bundle-symbolicname org.w3c.css.sac Medium
Product pom name org.w3c.css.sac_1.3.0.v200805290154.jar High
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product jar package name sac Low
Product pom artifactid w3c.css.sac Highest
Product gradle artifactid org.w3c.css.sac Highest
Product file name org.w3c.css.sac High
Product Manifest Bundle-Name %pluginName Medium
Product jar package name css Low
Version pom version 1.3.0 Highest
Version central version 1.3.0 Highest
Version file version 1.3.0 Highest
Published Vulnerabilities
CVE-2009-4521
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.eclipse.datatools.enablement.msft.sqlserver-1.0.2.v201212120617.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.enablement.msft.sqlserver\1.0.2.v201212120617\bff9658c0858cea81b373f1488274a1d9d200cc6\org.eclipse.datatools.enablement.msft.sqlserver-1.0.2.v201212120617.jar
MD5: 17b87437049e6d36e46af23c8e4faac8
SHA1: bff9658c0858cea81b373f1488274a1d9d200cc6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid eclipse.datatools.enablement.msft.sqlserver Low
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name enablement Low
Vendor pom groupid eclipse.birt.runtime Highest
Vendor file name org.eclipse.datatools.enablement.msft.sqlserver High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.enablement.msft.sqlserver;singleton:=true Medium
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[1.0.0,2.0.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[1.0.1,2.0.0)",org.eclipse.datatools.connectivity;bundle-version="[1.0.1,2.0.0)" Low
Vendor pom name org.eclipse.datatools.enablement.msft.sqlserver_1.0.2.v201212120617.jar High
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product jar package name msft Low
Product pom description A component of the BIRT runtime Medium
Product jar package name enablement Low
Product file name org.eclipse.datatools.enablement.msft.sqlserver High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product central artifactid org.eclipse.datatools.enablement.msft.sqlserver Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product gradle artifactid org.eclipse.datatools.enablement.msft.sqlserver Highest
Product Manifest bundle-symbolicname org.eclipse.datatools.enablement.msft.sqlserver;singleton:=true Medium
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.2.0,4.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[1.0.0,2.0.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[1.0.1,2.0.0)",org.eclipse.datatools.connectivity;bundle-version="[1.0.1,2.0.0)" Low
Product pom name org.eclipse.datatools.enablement.msft.sqlserver_1.0.2.v201212120617.jar High
Product jar package name datatools Low
Product pom artifactid eclipse.datatools.enablement.msft.sqlserver Highest
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.0.2.v20121212 Highest
Version Manifest Bundle-Version 1.0.2.v201212120617 High
Version central version 1.0.2.v201212120617 Highest
Version gradle version 1.0.2.v201212120617 Highest
Version file name org.eclipse.datatools.enablement.msft.sqlserver Medium
Version pom version 1.0.2.v201212120617 Highest
Published Vulnerabilities
CVE-2009-4521
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
flute-1.3.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.milyn\flute\1.3\b7d59dc172005598b55699b1a75605b13c14f1fd\flute-1.3.jar
MD5: 2f2e13cd3523c545dd1c4617b373692c
SHA1: b7d59dc172005598b55699b1a75605b13c14f1fd
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name flute Low
Vendor jar package name w3c Low
Vendor pom artifactid flute Low
Vendor file name flute High
Vendor pom name Flute High
Vendor central groupid milyn High
Vendor jar package name parser Low
Vendor gradle groupid org.milyn Highest
Vendor pom groupid milyn Highest
Vendor central groupid org.milyn High
Product jar package name selectors Low
Product jar package name flute Low
Product gradle artifactid flute Highest
Product pom artifactid flute Highest
Product file name flute High
Product pom groupid milyn Low
Product central artifactid flute High
Product pom name Flute High
Product jar package name parser Low
Version pom version 1.3 Highest
Version file version 1.3 Highest
Version central version 1.3 High
org.eclipse.datatools.connectivity.apache.derby-1.0.103.v201212070447.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.apache.derby\1.0.103.v201212070447\2257789d5761585d498d13bb2269c180c970f28d\org.eclipse.datatools.connectivity.apache.derby-1.0.103.v201212070447.jar
MD5: b9aeb8aeaa0809e9dc4a15388ec82d8f
SHA1: 2257789d5761585d498d13bb2269c180c970f28d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name org.eclipse.datatools.connectivity.apache.derby High
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity.apache.derby;singleton:=true Medium
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor pom name org.eclipse.datatools.connectivity.apache.derby_1.0.103.v201212070447.jar High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor jar package name connectivity Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom artifactid eclipse.datatools.connectivity.apache.derby Low
Vendor Manifest require-bundle org.eclipse.emf.ecore;bundle-version="[2.2.0,3.0.0)",org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.core.resources;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.modelbase.dbdefinition;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[0.9.1,1.5.0)",org.eclipse.datatools.modelbase.derby;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.connectivity;bundle-version="[1.2.2,2.0.0)" Low
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Product file name org.eclipse.datatools.connectivity.apache.derby High
Product jar package name apache Low
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity.apache.derby;singleton:=true Medium
Product gradle artifactid org.eclipse.datatools.connectivity.apache.derby Highest
Product pom name org.eclipse.datatools.connectivity.apache.derby_1.0.103.v201212070447.jar High
Product pom description A component of the BIRT runtime Medium
Product pom artifactid eclipse.datatools.connectivity.apache.derby Highest
Product jar package name connectivity Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product Manifest require-bundle org.eclipse.emf.ecore;bundle-version="[2.2.0,3.0.0)",org.eclipse.core.runtime;bundle-version="[3.2.0,4.0.0)",org.eclipse.core.resources;bundle-version="[3.2.0,4.0.0)",org.eclipse.datatools.modelbase.dbdefinition;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.modelbase.sql;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.connectivity.sqm.core;bundle-version="[0.9.1,1.5.0)",org.eclipse.datatools.modelbase.derby;bundle-version="[0.9.0,1.5.0)",org.eclipse.datatools.connectivity;bundle-version="[1.2.2,2.0.0)" Low
Product central artifactid org.eclipse.datatools.connectivity.apache.derby Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.0.103.v20121207 Highest
Version gradle version 1.0.103.v201212070447 Highest
Version central version 1.0.103.v201212070447 Highest
Version pom version 1.0.103.v201212070447 Highest
Version Manifest Bundle-Version 1.0.103.v201212070447 High
Version file name org.eclipse.datatools.connectivity.apache.derby Medium
Published Vulnerabilities
CVE-2005-4849
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
Vulnerable Software & Versions:
CVE-2009-4269
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
Vulnerable Software & Versions:
org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.datatools.connectivity.console.profile\1.0.10.v201109250955\2c338e35fc23603cea9ebaf5177a0c042f38eea1\org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jar
MD5: 9b8e7f6c69a0bf165645503775af9154
SHA1: 2c338e35fc23603cea9ebaf5177a0c042f38eea1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name org.eclipse.datatools.connectivity.console.profile High
Vendor central groupid org.eclipse.birt.runtime Highest
Vendor Manifest bundle-symbolicname org.eclipse.datatools.connectivity.console.profile;singleton:=true Medium
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor pom groupid eclipse.birt.runtime Highest
Vendor jar package name connectivity Low
Vendor Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.3.0,4.0.0)",org.eclipse.datatools.connectivity;bundle-version="[1.2.4,2.0.0)",org.eclipse.datatools.connectivity.oda;bundle-version="[3.1.2,4.0.0)" Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom name org.eclipse.datatools.connectivity.console.profile_1.0.10.v201109250955.jar High
Vendor gradle groupid org.eclipse.birt.runtime Highest
Vendor jar package name datatools Low
Vendor jar package name eclipse Low
Vendor pom artifactid eclipse.datatools.connectivity.console.profile Low
Product central artifactid org.eclipse.datatools.connectivity.console.profile Highest
Product file name org.eclipse.datatools.connectivity.console.profile High
Product jar package name console Low
Product Manifest bundle-symbolicname org.eclipse.datatools.connectivity.console.profile;singleton:=true Medium
Product pom description A component of the BIRT runtime Medium
Product jar package name connectivity Low
Product Manifest require-bundle org.eclipse.core.runtime;bundle-version="[3.3.0,4.0.0)",org.eclipse.datatools.connectivity;bundle-version="[1.2.4,2.0.0)",org.eclipse.datatools.connectivity.oda;bundle-version="[3.1.2,4.0.0)" Low
Product Manifest Bundle-Name %plugin.name Medium
Product pom artifactid eclipse.datatools.connectivity.console.profile Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom name org.eclipse.datatools.connectivity.console.profile_1.0.10.v201109250955.jar High
Product gradle artifactid org.eclipse.datatools.connectivity.console.profile Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product pom groupid eclipse.birt.runtime Low
Product jar package name datatools Low
Version file name org.eclipse.datatools.connectivity.console.profile Medium
Version file version 1.0.10.v20110925 Highest
Version central version 1.0.10.v201109250955 Highest
Version gradle version 1.0.10.v201109250955 Highest
Version Manifest Bundle-Version 1.0.10.v201109250955 High
Version pom version 1.0.10.v201109250955 Highest
Published Vulnerabilities
CVE-2009-4521
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.apache.commons.codec-1.3.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.commons.codec\1.3.0\72c73f3729b4ca49dac8691fb5adb194e8595799\org.apache.commons.codec-1.3.0.jar
MD5: e411b9d204b1a91d62b830a86e1f44ff
SHA1: 72c73f3729b4ca49dac8691fb5adb194e8595799
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid apache.commons.codec Low
Vendor jar package name apache Low
Vendor file name org.apache.commons.codec High
Vendor jar package name codec Low
Vendor Manifest bundle-requiredexecutionenvironment CDC-1.0/Foundation-1.0,J2SE-1.3 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor jar package name commons Low
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor pom name org.apache.commons.codec_1.3.0.v201101211617.jar High
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor Manifest bundle-symbolicname org.apache.commons.codec Medium
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product gradle artifactid org.apache.commons.codec Highest
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product file name org.apache.commons.codec High
Product Manifest Bundle-Name %bundleName Medium
Product jar package name codec Low
Product Manifest bundle-requiredexecutionenvironment CDC-1.0/Foundation-1.0,J2SE-1.3 Low
Product pom description A component of the BIRT runtime Medium
Product jar package name commons Low
Product pom name org.apache.commons.codec_1.3.0.v201101211617.jar High
Product pom artifactid apache.commons.codec Highest
Product central artifactid org.apache.commons.codec Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product Manifest bundle-symbolicname org.apache.commons.codec Medium
Version pom version 1.3.0 Highest
Version central version 1.3.0 Highest
Version file version 1.3.0 Highest
Published Vulnerabilities
CVE-2009-4521
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
com.lowagie.text-2.1.7.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\com.lowagie.text\2.1.7\18d4c7c2014447eacfd00c65c717b3cfc422407b\com.lowagie.text-2.1.7.jar
MD5: af7c1521ab58701d3a0cadc29ef3d15a
SHA1: 18d4c7c2014447eacfd00c65c717b3cfc422407b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name text Low
Vendor jar package name lowagie Low
Vendor file name com.lowagie.text High
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name pdf Low
Vendor pom name com.lowagie.text_2.1.7.v201004222200.jar High
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor pom artifactid lowagie.text Low
Vendor Manifest bundle-symbolicname com.lowagie.text Medium
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product jar package name text Low
Product pom artifactid lowagie.text Highest
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product Manifest Bundle-Name %bundleName Medium
Product central artifactid com.lowagie.text Highest
Product file name com.lowagie.text High
Product pom description A component of the BIRT runtime Medium
Product gradle artifactid com.lowagie.text Highest
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Product jar package name pdf Low
Product pom name com.lowagie.text_2.1.7.v201004222200.jar High
Product Manifest bundle-symbolicname com.lowagie.text Medium
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Version central version 2.1.7 Highest
Version pom version 2.1.7 Highest
Version file version 2.1.7 Highest
Published Vulnerabilities
CVE-2009-4521
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
Vulnerable Software & Versions:
org.apache.batik.bridge-1.6.0.jar
Description: A component of the BIRT runtime
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/org/documents/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\org.apache.batik.bridge\1.6.0\e2db6eb9029356884f123a60e9b72a51919e9a6f\org.apache.batik.bridge-1.6.0.jar
MD5: e0136e6d36f5140dfea96ff1f3fea441
SHA1: e2db6eb9029356884f123a60e9b72a51919e9a6f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor Manifest require-bundle org.apache.batik.css;bundle-version="[1.6.0,1.7.0)",org.apache.batik.dom;bundle-version="[1.6.0,1.7.0)",org.apache.batik.dom.svg;bundle-version="[1.6.0,1.7.0)",org.apache.batik.ext.awt;bundle-version="[1.6.0,1.7.0)",org.apache.batik.parser;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util.gui;bundle-version="[1.6.0,1.7.0)",org.apache.batik.xml;bundle-version="[1.6.0,1.7.0)",org.w3c.dom.svg;bundle-version="[1.1.0,1.3.0)" Low
Vendor jar package name bridge Low
Vendor pom name org.apache.batik.bridge_1.6.0.v201011041432.jar High
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor pom description A component of the BIRT runtime Medium
Vendor pom url http://www.eclipse.org/projects/project.php?id=birt Highest
Vendor Manifest bundle-symbolicname org.apache.batik.bridge Medium
Vendor file name org.apache.batik.bridge High
Vendor pom groupid eclipse.birt.runtime.3_7_1 Highest
Vendor pom artifactid apache.batik.bridge Low
Vendor central groupid org.eclipse.birt.runtime.3_7_1 Highest
Vendor jar package name batik Low
Vendor gradle groupid org.eclipse.birt.runtime.3_7_1 Highest
Product pom groupid eclipse.birt.runtime.3_7_1 Low
Product pom artifactid apache.batik.bridge Highest
Product Manifest require-bundle org.apache.batik.css;bundle-version="[1.6.0,1.7.0)",org.apache.batik.dom;bundle-version="[1.6.0,1.7.0)",org.apache.batik.dom.svg;bundle-version="[1.6.0,1.7.0)",org.apache.batik.ext.awt;bundle-version="[1.6.0,1.7.0)",org.apache.batik.parser;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util;bundle-version="[1.6.0,1.7.0)",org.apache.batik.util.gui;bundle-version="[1.6.0,1.7.0)",org.apache.batik.xml;bundle-version="[1.6.0,1.7.0)",org.w3c.dom.svg;bundle-version="[1.1.0,1.3.0)" Low
Product jar package name bridge Low
Product pom name org.apache.batik.bridge_1.6.0.v201011041432.jar High
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product pom description A component of the BIRT runtime Medium
Product Manifest bundle-symbolicname org.apache.batik.bridge Medium
Product file name org.apache.batik.bridge High
Product central artifactid org.apache.batik.bridge Highest
Product pom url http://www.eclipse.org/projects/project.php?id=birt Medium
Product jar package name batik Low
Product gradle artifactid org.apache.batik.bridge Highest
Product Manifest Bundle-Name %pluginName Medium
Version file version 1.6.0 Highest
Version pom version 1.6.0 Highest
Version central version 1.6.0 Highest
Published Vulnerabilities
CVE-2015-0250
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
CVE-2017-5662
Severity:
High
CVSS Score: 7.9
(AV:N/AC:M/Au:S/C:C/I:N/A:C)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.
aopalliance-1.0.jar
Description: AOP Alliance
License:
Public Domain
File Path: Z:\Gradle\caches\modules-2\files-2.1\aopalliance\aopalliance\1.0\235ba8b489512805ac13a8f9ea77a1ca5ebe3e8\aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid aopalliance Highest
Vendor pom groupid aopalliance Highest
Vendor pom name AOP alliance High
Vendor pom url http://aopalliance.sourceforge.net Highest
Vendor jar package name intercept Low
Vendor pom description AOP Alliance Medium
Vendor central groupid aopalliance Highest
Vendor file name aopalliance High
Vendor pom artifactid aopalliance Low
Vendor jar package name aopalliance Low
Product pom groupid aopalliance Low
Product pom name AOP alliance High
Product pom url http://aopalliance.sourceforge.net Medium
Product jar package name intercept Low
Product central artifactid aopalliance Highest
Product pom description AOP Alliance Medium
Product file name aopalliance High
Product pom artifactid aopalliance Highest
Product gradle artifactid aopalliance Highest
Version pom version 1.0 Highest
Version central version 1.0 Highest
Version file version 1.0 Highest
jaxb-impl-2.1.9.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.sun.xml.bind\jaxb-impl\2.1.9\9c137963871ba7296643806b01083e4cf1703769\jaxb-impl-2.1.9.jar
MD5: 8f7f2e5ceca330ebfeea5db52a891f8f
SHA1: 9c137963871ba7296643806b01083e4cf1703769
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor Manifest Implementation-Vendor-Id com.sun Medium
Vendor jar package name sun Low
Vendor jar (hint) package name oracle Low
Vendor file name jaxb-impl High
Vendor pom artifactid jaxb-impl Low
Vendor jar package name xml Low
Vendor Manifest Implementation-Vendor Sun Microsystems, Inc. High
Vendor central groupid com.sun.xml.bind Highest
Vendor jar package name bind Low
Vendor Manifest extension-name com.sun.xml.bind Medium
Vendor gradle groupid com.sun.xml.bind Highest
Vendor pom groupid sun.xml.bind Highest
Product jar package name v2 Low
Product central artifactid jaxb-impl Highest
Product Manifest Implementation-Title JAXB Reference Implementation High
Product jar package name bind Low
Product pom artifactid jaxb-impl Highest
Product gradle artifactid jaxb-impl Highest
Product Manifest extension-name com.sun.xml.bind Medium
Product Manifest specification-title Java Architecture for XML Binding Medium
Product file name jaxb-impl High
Product pom groupid sun.xml.bind Low
Product jar package name xml Low
Version central version 2.1.9 Highest
Version file version 2.1.9 Highest
Version Manifest Implementation-Version 2.1.9 High
Version pom version 2.1.9 Highest
person-directory-api-1.5.0-RC5.jar
Description: Provides a general interface for accessing attributes for a person.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.jasig.service\person-directory-api\1.5.0-RC5\a2f4804d335d3cfe6a4bb3407dcf9fb88d396700\person-directory-api-1.5.0-RC5.jar
MD5: 342160c7a8e7d47a934fc442503f219b
SHA1: a2f4804d335d3cfe6a4bb3407dcf9fb88d396700
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.jasig.service Highest
Vendor pom artifactid person-directory-api Low
Vendor pom description Provides a general interface for accessing attributes for a person. Medium
Vendor pom name Person Directory API High
Vendor Manifest Implementation-Vendor Jasig High
Vendor pom groupid jasig.service Highest
Vendor pom parent-artifactid person-directory-parent Low
Vendor Manifest Implementation-Vendor-Id org.jasig.service Medium
Vendor file name person-directory-api High
Vendor central groupid org.jasig.service Highest
Vendor Manifest specification-vendor Jasig Low
Vendor pom parent-groupid org.jasig.service Medium
Product pom parent-artifactid person-directory-parent Medium
Product gradle artifactid person-directory-api Highest
Product Manifest Implementation-Title Person Directory API High
Product central artifactid person-directory-api Highest
Product pom artifactid person-directory-api Highest
Product pom description Provides a general interface for accessing attributes for a person. Medium
Product file name person-directory-api High
Product pom parent-groupid org.jasig.service Low
Product pom name Person Directory API High
Product Manifest specification-title Person Directory API Medium
Product pom groupid jasig.service Low
Version file version 1.5.0.rc5 Highest
Version central version 1.5.0-RC5 Highest
Version Manifest Implementation-Version 1.5.0-RC5 High
Version pom version 1.5.0-RC5 Highest
spring-context-2.5.6.SEC01.jar
Description: Spring Framework: Context
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-context\2.5.6.SEC01\30ab3c56aa2ca6d9e4a194a36ac0679df2fd108\spring-context-2.5.6.SEC01.jar
MD5: fc87e3ecd8faa9306fe3657955e35315
SHA1: 030ab3c56aa2ca6d9e4a194a36ac0679df2fd108
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor hint analyzer vendor pivotal software High
Vendor hint analyzer vendor SpringSource High
Vendor pom url http://www.springframework.org Highest
Vendor jar package name springframework Low
Vendor pom organization url http://www.springframework.org/ Medium
Vendor pom groupid springframework Highest
Vendor pom organization name Spring Framework High
Vendor hint analyzer vendor vmware High
Vendor pom name Spring Framework: Context High
Vendor central groupid org.springframework Highest
Vendor pom artifactid spring-context Low
Vendor pom description Spring Framework: Context Medium
Vendor file name spring-context High
Vendor Manifest bundle-symbolicname org.springframework.context Medium
Vendor gradle groupid org.springframework Highest
Product Manifest Bundle-Name Spring Context Medium
Product central artifactid spring-context Highest
Product pom artifactid spring-context Highest
Product pom organization url http://www.springframework.org/ Low
Product Manifest Implementation-Title Spring Framework High
Product pom url http://www.springframework.org Medium
Product pom name Spring Framework: Context High
Product pom organization name Spring Framework Low
Product gradle artifactid spring-context Highest
Product pom groupid springframework Low
Product pom description Spring Framework: Context Medium
Product hint analyzer product springsource_spring_framework High
Product file name spring-context High
Product Manifest bundle-symbolicname org.springframework.context Medium
Version pom version 2.5.6.SEC01 Highest
Version central version 2.5.6.SEC01 Highest
Version Manifest Implementation-Version 2.5.6.SEC01 High
Version file version 2.5.6.sec01 Highest
cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01
Confidence :Low
maven: org.springframework:spring-context:2.5.6.SEC01 ✓
Confidence :Highest
cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01
Confidence :Low
cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
Confidence :Low
cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
Confidence :Low
Published Vulnerabilities
CVE-2011-2730
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
CVE-2013-4152
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVE-2013-6429
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2013-7315
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2014-0054
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2014-1904
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVE-2016-9878
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
spring-tx-2.5.6.SEC01.jar
Description: Spring Framework: Transaction
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-tx\2.5.6.SEC01\4af6ff118eb394f804fe3a96f3e3f323a5de5ff6\spring-tx-2.5.6.SEC01.jar
MD5: d3823f3cc0feeb18a6e89a1ff833a08e
SHA1: 4af6ff118eb394f804fe3a96f3e3f323a5de5ff6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor hint analyzer vendor pivotal software High
Vendor hint analyzer vendor SpringSource High
Vendor pom url http://www.springframework.org Highest
Vendor jar package name springframework Low
Vendor pom name Spring Framework: Transaction High
Vendor pom organization url http://www.springframework.org/ Medium
Vendor pom groupid springframework Highest
Vendor file name spring-tx High
Vendor pom organization name Spring Framework High
Vendor hint analyzer vendor vmware High
Vendor pom artifactid spring-tx Low
Vendor jar package name transaction Low
Vendor central groupid org.springframework Highest
Vendor Manifest bundle-symbolicname org.springframework.transaction Medium
Vendor gradle groupid org.springframework Highest
Vendor pom description Spring Framework: Transaction Medium
Product pom artifactid spring-tx Highest
Product pom organization url http://www.springframework.org/ Low
Product pom name Spring Framework: Transaction High
Product Manifest Implementation-Title Spring Framework High
Product pom url http://www.springframework.org Medium
Product file name spring-tx High
Product Manifest Bundle-Name Spring Transaction Medium
Product gradle artifactid spring-tx Highest
Product pom organization name Spring Framework Low
Product jar package name transaction Low
Product pom groupid springframework Low
Product hint analyzer product springsource_spring_framework High
Product Manifest bundle-symbolicname org.springframework.transaction Medium
Product central artifactid spring-tx Highest
Product pom description Spring Framework: Transaction Medium
Version pom version 2.5.6.SEC01 Highest
Version central version 2.5.6.SEC01 Highest
Version Manifest Implementation-Version 2.5.6.SEC01 High
Version file version 2.5.6.sec01 Highest
cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01
Confidence :Low
maven: org.springframework:spring-tx:2.5.6.SEC01 ✓
Confidence :Highest
cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01
Confidence :Low
cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
Confidence :Low
cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
Confidence :Low
Published Vulnerabilities
CVE-2011-2730
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
CVE-2013-4152
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVE-2013-6429
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2013-7315
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2014-0054
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2014-1904
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVE-2016-9878
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
spring-context-support-2.5.6.SEC01.jar
Description: Spring Framework: Context Support
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-context-support\2.5.6.SEC01\3a88bce8e22a274f116d4fb3dcc936d088fff014\spring-context-support-2.5.6.SEC01.jar
MD5: e3f6c6bd31d9bca3d9c73693ce37f55c
SHA1: 3a88bce8e22a274f116d4fb3dcc936d088fff014
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor hint analyzer vendor pivotal software High
Vendor hint analyzer vendor SpringSource High
Vendor pom url http://www.springframework.org Highest
Vendor jar package name springframework Low
Vendor Manifest bundle-symbolicname org.springframework.context.support Medium
Vendor pom artifactid spring-context-support Low
Vendor pom organization url http://www.springframework.org/ Medium
Vendor pom groupid springframework Highest
Vendor pom organization name Spring Framework High
Vendor hint analyzer vendor vmware High
Vendor pom name Spring Framework: Context Support High
Vendor file name spring-context-support High
Vendor central groupid org.springframework Highest
Vendor pom description Spring Framework: Context Support Medium
Vendor gradle groupid org.springframework Highest
Product pom organization url http://www.springframework.org/ Low
Product Manifest Implementation-Title Spring Framework High
Product Manifest bundle-symbolicname org.springframework.context.support Medium
Product Manifest Bundle-Name Spring Context Support Medium
Product pom artifactid spring-context-support Highest
Product pom url http://www.springframework.org Medium
Product pom name Spring Framework: Context Support High
Product pom organization name Spring Framework Low
Product central artifactid spring-context-support Highest
Product file name spring-context-support High
Product pom description Spring Framework: Context Support Medium
Product pom groupid springframework Low
Product hint analyzer product springsource_spring_framework High
Product gradle artifactid spring-context-support Highest
Version pom version 2.5.6.SEC01 Highest
Version central version 2.5.6.SEC01 Highest
Version Manifest Implementation-Version 2.5.6.SEC01 High
Version file version 2.5.6.sec01 Highest
maven: org.springframework:spring-context-support:2.5.6.SEC01 ✓
Confidence :Highest
cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01
Confidence :Low
cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01
Confidence :Low
cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
Confidence :Low
cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
Confidence :Low
Published Vulnerabilities
CVE-2011-2730
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
CVE-2013-4152
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVE-2013-6429
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2013-7315
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2014-0054
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2014-1904
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVE-2016-9878
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
spring-web-2.5.6.SEC01.jar
Description: Spring Framework: Web
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-web\2.5.6.SEC01\6a5711a5a29cf25603892c2bace8bbe3bf062834\spring-web-2.5.6.SEC01.jar
MD5: 042b8195b45e7a61c017e8304b3c6dd1
SHA1: 6a5711a5a29cf25603892c2bace8bbe3bf062834
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name spring-web High
Vendor hint analyzer vendor pivotal software High
Vendor Manifest bundle-symbolicname org.springframework.web Medium
Vendor hint analyzer vendor SpringSource High
Vendor pom artifactid spring-web Low
Vendor pom url http://www.springframework.org Highest
Vendor jar package name springframework Low
Vendor pom description Spring Framework: Web Medium
Vendor pom organization url http://www.springframework.org/ Medium
Vendor pom groupid springframework Highest
Vendor pom organization name Spring Framework High
Vendor hint analyzer vendor vmware High
Vendor central groupid org.springframework Highest
Vendor jar package name web Low
Vendor pom name Spring Framework: Web High
Vendor gradle groupid org.springframework Highest
Product file name spring-web High
Product Manifest bundle-symbolicname org.springframework.web Medium
Product Manifest Bundle-Name Spring Web Medium
Product pom description Spring Framework: Web Medium
Product central artifactid spring-web Highest
Product pom organization url http://www.springframework.org/ Low
Product Manifest Implementation-Title Spring Framework High
Product pom url http://www.springframework.org Medium
Product pom artifactid spring-web Highest
Product pom organization name Spring Framework Low
Product jar package name web Low
Product pom groupid springframework Low
Product hint analyzer product springsource_spring_framework High
Product pom name Spring Framework: Web High
Product gradle artifactid spring-web Highest
Version pom version 2.5.6.SEC01 Highest
Version central version 2.5.6.SEC01 Highest
Version Manifest Implementation-Version 2.5.6.SEC01 High
Version file version 2.5.6.sec01 Highest
cpe: cpe:/a:springsource:spring_framework:2.5.6.sec01
Confidence :Low
cpe: cpe:/a:pivotal:spring_framework:2.5.6.sec01
Confidence :Low
maven: org.springframework:spring-web:2.5.6.SEC01 ✓
Confidence :Highest
cpe: cpe:/a:pivotal_software:spring_framework:2.5.6.sec01
Confidence :Low
cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6.sec01
Confidence :Low
Published Vulnerabilities
CVE-2011-2730
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
CVE-2013-4152
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVE-2013-6429
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2013-7315
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2014-0054
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2014-1904
Severity: Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVE-2016-9878
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
hibernate-3.2.6.ga.jar
Description: Relational Persistence for Java
License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\hibernate\3.2.6.ga\dd982c3d5c28c956aa4fa9112258cb3013606ddd\hibernate-3.2.6.ga.jar
MD5: 5fc853b674c28384719ad7f846ea4dce
SHA1: dd982c3d5c28c956aa4fa9112258cb3013606ddd
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name hibernate Low
Vendor pom name Hibernate High
Vendor pom url http://www.hibernate.org Highest
Vendor central groupid org.hibernate Highest
Vendor pom organization name JBoss Inc. High
Vendor pom artifactid hibernate Low
Vendor file name hibernate High
Vendor gradle groupid org.hibernate Highest
Vendor pom groupid hibernate Highest
Vendor pom organization url http://www.jboss.com Medium
Vendor Manifest Implementation-Vendor hibernate.org High
Vendor pom description Relational Persistence for Java Medium
Product pom organization name JBoss Inc. Low
Product pom name Hibernate High
Product pom groupid hibernate Low
Product pom organization url http://www.jboss.com Low
Product Manifest Implementation-Title Hibernate3 High
Product pom artifactid hibernate Highest
Product gradle artifactid hibernate Highest
Product central artifactid hibernate Highest
Product pom description Relational Persistence for Java Medium
Product file name hibernate High
Product pom url http://www.hibernate.org Medium
Version Manifest Implementation-Version 3.2.6.ga High
Version file version 3.2.6 Highest
Version central version 3.2.6.ga Highest
Version pom version 3.2.6.ga Highest
hibernate-commons-annotations-3.0.0.ga.jar
Description: Hibernate Commons Annotations is a utility project used by annotations based Hibernate sub-projects.
License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\hibernate-commons-annotations\3.0.0.ga\c8f53732fe3b75935f0550bdc3ba92bc9345360f\hibernate-commons-annotations-3.0.0.ga.jar
MD5: 1ccefbe43fedffc16835ceb1a777d199
SHA1: c8f53732fe3b75935f0550bdc3ba92bc9345360f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid hibernate-commons-annotations Low
Vendor jar package name annotations Low
Vendor jar package name hibernate Low
Vendor pom groupid hibernate Highest
Vendor pom description Hibernate Commons Annotations is a utility project used by annotations based Hibernate sub-projects. Medium
Vendor Manifest product Hibernate Commons Annotations Low
Vendor jar package name common Low
Vendor central groupid org.hibernate High
Vendor file name hibernate-commons-annotations High
Vendor gradle groupid org.hibernate Highest
Vendor pom name Hibernate Commons Annotations High
Product gradle artifactid hibernate-commons-annotations Highest
Product pom artifactid hibernate-commons-annotations Highest
Product jar package name annotations Low
Product pom groupid hibernate Low
Product pom description Hibernate Commons Annotations is a utility project used by annotations based Hibernate sub-projects. Medium
Product Manifest product Hibernate Commons Annotations Low
Product jar package name common Low
Product jar package name reflection Low
Product file name hibernate-commons-annotations High
Product central artifactid hibernate-commons-annotations High
Product pom name Hibernate Commons Annotations High
Version central version 3.3.0.ga High
Version pom version 3.0.0.ga Highest
Version file version 3.0.0 Highest
Version central version 3.0.0.ga High
ejb3-persistence-1.0.1.GA.jar
Description: Java Persistence API
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.hibernate\ejb3-persistence\1.0.1.GA\f502b2c96c95e087435c79d3d6c9aa85bb1154bc\ejb3-persistence-1.0.1.GA.jar
MD5: d46c8f0555d95027269259dd04f6b10c
SHA1: f502b2c96c95e087435c79d3d6c9aa85bb1154bc
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor jar package name javax Low
Vendor pom description Java Persistence API Medium
Vendor pom url http://www.hibernate.org Highest
Vendor central groupid org.hibernate Highest
Vendor jar package name persistence Low
Vendor pom name Java Persistence API High
Vendor gradle groupid org.hibernate Highest
Vendor pom groupid hibernate Highest
Vendor pom artifactid ejb3-persistence Low
Vendor Manifest Implementation-Vendor hibernate.org High
Vendor file name ejb3-persistence High
Product Manifest Implementation-Title EJB High
Product central artifactid ejb3-persistence Highest
Product Manifest specification-title EJB 3.0 Medium
Product pom groupid hibernate Low
Product pom description Java Persistence API Medium
Product jar package name persistence Low
Product gradle artifactid ejb3-persistence Highest
Product pom name Java Persistence API High
Product pom artifactid ejb3-persistence Highest
Product pom url http://www.hibernate.org Medium
Product file name ejb3-persistence High
Version pom version 1.0.1.GA Highest
Version file version 1.0.1 Highest
Version central version 1.0.1.GA Highest
aspectjweaver-1.5.3.jar
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\aspectj\aspectjweaver\1.5.3\4040e72d0dda6e9a03d879835cd3f70f19284c34\aspectjweaver-1.5.3.jar
MD5: 06464d01316d851e8dac161847e98f4c
SHA1: 4040e72d0dda6e9a03d879835cd3f70f19284c34
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name aspectjweaver High
Vendor Manifest specification-vendor aspectj.org Low
Vendor pom url http://www.aspectj.org Highest
Vendor Manifest name org/aspectj/weaver/ Medium
Vendor Manifest Implementation-Vendor aspectj.org High
Vendor central groupid aspectj Highest
Vendor pom name AspectJ weaver High
Vendor gradle groupid aspectj Highest
Vendor pom artifactid aspectjweaver Low
Vendor pom groupid aspectj Highest
Vendor jar package name aspectj Low
Product pom url http://www.aspectj.org Medium
Product file name aspectjweaver High
Product Manifest name org/aspectj/weaver/ Medium
Product pom name AspectJ weaver High
Product Manifest Implementation-Title org.aspectj.weaver High
Product gradle artifactid aspectjweaver Highest
Product central artifactid aspectjweaver Highest
Product pom groupid aspectj Low
Product pom artifactid aspectjweaver Highest
Product Manifest specification-title AspectJ Weaver Classes Medium
Version pom version 1.5.3 Highest
Version central version 1.5.3 Highest
Version file version 1.5.3 Highest
Version Manifest Implementation-Version 1.5.3 High
aspectjrt-1.5.3.jar
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\aspectj\aspectjrt\1.5.3\80e9fde0223721baefb5df5f251888cc2456ed6\aspectjrt-1.5.3.jar
MD5: 6b097361bf7d1643bba896eb6b9ff156
SHA1: 080e9fde0223721baefb5df5f251888cc2456ed6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name aspectjrt High
Vendor manifest: org/aspectj/lang/ Implementation-Vendor aspectj.org Medium
Vendor pom url http://www.aspectj.org Highest
Vendor central groupid aspectj Highest
Vendor pom artifactid aspectjrt Low
Vendor jar package name lang Low
Vendor pom name AspectJ runtime High
Vendor gradle groupid aspectj Highest
Vendor pom groupid aspectj Highest
Vendor jar package name aspectj Low
Product pom url http://www.aspectj.org Medium
Product manifest: org/aspectj/lang/ Implementation-Title org.aspectj.tools Medium
Product jar package name reflect Low
Product file name aspectjrt High
Product jar package name lang Low
Product central artifactid aspectjrt Highest
Product pom name AspectJ runtime High
Product pom groupid aspectj Low
Product manifest: org/aspectj/lang/ Specification-Title AspectJ Runtime Classes Medium
Product gradle artifactid aspectjrt Highest
Product pom artifactid aspectjrt Highest
Version pom version 1.5.3 Highest
Version central version 1.5.3 Highest
Version file version 1.5.3 Highest
ognl-2.6.9.jar
Description: OGNL stands for Object-Graph Navigation Language; it is an expression language for getting and setting properties of Java objects.
License:
BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\ognl\ognl\2.6.9\fad9692184899994e977b647998f9fa4a9cfec35\ognl-2.6.9.jar
MD5: fb4d30eab3ed221ada77479685d608c2
SHA1: fad9692184899994e977b647998f9fa4a9cfec35
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid ognl Highest
Vendor gradle groupid ognl Highest
Vendor pom description OGNL stands for Object-Graph Navigation Language; it is an expression language for getting and setting properties of Java objects. Low
Vendor file name ognl High
Vendor pom artifactid ognl Low
Vendor jar package name ognl Low
Vendor pom name OGNL High
Vendor pom groupid ognl Highest
Vendor pom url http://www.ognl.org/ Highest
Product pom description OGNL stands for Object-Graph Navigation Language; it is an expression language for getting and setting properties of Java objects. Low
Product file name ognl High
Product pom url http://www.ognl.org/ Medium
Product Manifest Implementation-Title OGNL High
Product pom artifactid ognl Highest
Product gradle artifactid ognl Highest
Product central artifactid ognl Highest
Product pom groupid ognl Low
Product pom name OGNL High
Version Manifest Implementation-Version 2.6.9 High
Version file version 2.6.9 Highest
Version pom version 2.6.9 Highest
Version central version 2.6.9 Highest
cpe: cpe:/a:ognl_project:ognl:2.6.9
Confidence: Low
maven: ognl:ognl:2.6.9 ✓
Confidence: Highest
Published Vulnerabilities
CVE-2016-3093
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.
spring-binding-1.0.6.jar
Description: Spring Data Binding Framework
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-binding\1.0.6\c2789e5215ed30d4d9e06873097c8bab8ae97109\spring-binding-1.0.6.jar
MD5: a8bca088c4e5ef2a395b5d784c6aa180
SHA1: c2789e5215ed30d4d9e06873097c8bab8ae97109
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor hint analyzer vendor pivotal software High
Vendor hint analyzer vendor SpringSource High
Vendor pom url http://www.springframework.org Highest
Vendor jar package name springframework Low
Vendor pom organization url http://www.springframework.org/ Medium
Vendor Manifest Implementation-Vendor springframework.org High
Vendor pom groupid springframework Highest
Vendor pom description Spring Data Binding Framework Medium
Vendor pom organization name Spring Framework High
Vendor hint analyzer vendor vmware High
Vendor jar package name binding Low
Vendor pom artifactid spring-binding Low
Vendor central groupid org.springframework Highest
Vendor pom name Spring Binding High
Vendor file name spring-binding High
Vendor gradle groupid org.springframework Highest
Product pom artifactid spring-binding Highest
Product pom organization url http://www.springframework.org/ Low
Product pom url http://www.springframework.org Medium
Product pom description Spring Data Binding Framework Medium
Product jar package name binding Low
Product pom organization name Spring Framework Low
Product gradle artifactid spring-binding Highest
Product Manifest Implementation-Title Spring Data Binding High
Product pom groupid springframework Low
Product pom name Spring Binding High
Product hint analyzer product springsource_spring_framework High
Product file name spring-binding High
Product central artifactid spring-binding Highest
Version pom version 1.0.6 Highest
Version central version 1.0.6 Highest
Version file version 1.0.6 Highest
Version Manifest Implementation-Version 1.0.6 High
cpe: cpe:/a:pivotal:spring_framework:1.0.6
Confidence: Low
cpe: cpe:/a:vmware:springsource_spring_framework:1.0.6
Confidence: Low
cpe: cpe:/a:pivotal_software:spring_framework:1.0.6
Confidence: Low
cpe: cpe:/a:springsource:spring_framework:1.0.6
Confidence: Low
maven: org.springframework:spring-binding:1.0.6 ✓
Confidence: Highest
Published Vulnerabilities
CVE-2011-2730
Severity: High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
CVE-2013-4152
Severity: Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVE-2013-6429
Severity: Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2013-7315
Severity: Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2014-0054
Severity: Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2014-1904
Severity: Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVE-2016-9878
Severity: Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
plexus-utils-1.5.6.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.plexus\plexus-utils\1.5.6\8fb6b798a4036048b3005e058553bf21a87802ed\plexus-utils-1.5.6.jar
MD5: d6070c2e77ca56adafa953215ddf744b
SHA1: 8fb6b798a4036048b3005e058553bf21a87802ed
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid org.codehaus.plexus Highest
Vendor gradle groupid org.codehaus.plexus Highest
Vendor file name plexus-utils High
Vendor jar package name plexus Low
Vendor pom artifactid plexus-utils Low
Vendor jar package name codehaus Low
Vendor pom name Plexus Common Utilities High
Vendor pom parent-groupid org.codehaus.plexus Medium
Vendor jar package name util Low
Vendor pom url http://plexus.codehaus.org/plexus-utils Highest
Vendor pom parent-artifactid plexus Low
Vendor pom groupid codehaus.plexus Highest
Product pom parent-artifactid plexus Medium
Product pom name Plexus Common Utilities High
Product gradle artifactid plexus-utils Highest
Product pom artifactid plexus-utils Highest
Product pom parent-groupid org.codehaus.plexus Low
Product pom groupid codehaus.plexus Low
Product jar package name util Low
Product file name plexus-utils High
Product jar package name plexus Low
Product pom url http://plexus.codehaus.org/plexus-utils Medium
Product central artifactid plexus-utils Highest
Version file version 1.5.6 Highest
Version pom version 1.5.6 Highest
Version central version 1.5.6 Highest
maven-scm-provider-svn-commons-1.4.jar
Description: Common library for SCM SVN Provider.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.maven.scm\maven-scm-provider-svn-commons\1.4\54bc1dc24c5d205b4d251a83f4ea63808c21a628\maven-scm-provider-svn-commons-1.4.jar
MD5: 09e3cb24fa48c3d6427e1d2b79b42d26
SHA1: 54bc1dc24c5d205b4d251a83f4ea63808c21a628
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name maven-scm-provider-svn-commons High
Vendor pom parent-groupid org.apache.maven.scm Medium
Vendor pom description Common library for SCM SVN Provider. Medium
Vendor pom artifactid maven-scm-provider-svn-commons Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor gradle groupid org.apache.maven.scm Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest Implementation-Vendor-Id org.apache.maven.scm Medium
Vendor central groupid org.apache.maven.scm Highest
Vendor pom parent-artifactid maven-scm-providers-svn Low
Vendor pom name Maven SCM Subversion Provider - Common library High
Vendor pom groupid apache.maven.scm Highest
Product Manifest Implementation-Title Maven SCM Subversion Provider - Common library High
Product file name maven-scm-provider-svn-commons High
Product pom description Common library for SCM SVN Provider. Medium
Product central artifactid maven-scm-provider-svn-commons Highest
Product pom groupid apache.maven.scm Low
Product pom name Maven SCM Subversion Provider - Common library High
Product Manifest specification-title Maven SCM Subversion Provider - Common library Medium
Product pom parent-groupid org.apache.maven.scm Low
Product pom parent-artifactid maven-scm-providers-svn Medium
Product gradle artifactid maven-scm-provider-svn-commons Highest
Product pom artifactid maven-scm-provider-svn-commons Highest
Version Manifest Implementation-Version 1.4 High
Version pom version 1.4 Highest
Version file version 1.4 Highest
Version central version 1.4 Highest
regexp-1.3.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\regexp\regexp\1.3\973df2b78b67bcd3144c3dbbb88da691065a3f8d\regexp-1.3.jar
MD5: 6dcdc325850e40b843cac2a25fb2121e
SHA1: 973df2b78b67bcd3144c3dbbb88da691065a3f8d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor jar package name regexp Low
Vendor file name regexp High
Vendor central groupid regexp Highest
Vendor pom groupid regexp Highest
Vendor gradle groupid regexp Highest
Vendor pom artifactid regexp Low
Product gradle artifactid regexp Highest
Product pom artifactid regexp Highest
Product jar package name regexp Low
Product pom groupid regexp Low
Product file name regexp High
Product central artifactid regexp Highest
Version pom version 1.3 Highest
Version file version 1.3 Highest
Version central version 1.3 Highest
jaxb-api-2.1.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.xml.bind\jaxb-api\2.1\b2dfeed54ac106bcd714ba59c1f52ef9167d56e\jaxb-api-2.1.jar
MD5: 63f750861245626b7338e2d2e6a33068
SHA1: 0b2dfeed54ac106bcd714ba59c1f52ef9167d56e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest specification-vendor Sun Microsystems, Inc. Low
Vendor jar package name javax Low
Vendor jar package name bind Low
Vendor gradle groupid javax.xml.bind Highest
Vendor Manifest extension-name javax.xml.bind Medium
Vendor file name jaxb-api High
Vendor jar package name xml Low
Product gradle artifactid jaxb-api Highest
Product jar package name bind Low
Product Manifest specification-title Java Architecture for XML Binding Medium
Product Manifest extension-name javax.xml.bind Medium
Product file name jaxb-api High
Product jar package name xml Low
Version file version 2.1 Highest
Version file name jaxb-api Medium
Version Manifest specification-version 2.1 High
Version gradle version 2.1 Highest
maven: javax.xml.bind:jaxb-api:2.1
Confidence: Highest
ehcache-1.2.3.jar
Description:
ehcache is a pure Java, in-process cache with the following features:
1. Fast.
2. Simple.
3. Multiple eviction policies: LRU, LFU and FIFO.
4. Caches can be in memory or on disk.
5. Disk Stores can be persistent between VM restarts.
6. Distributed caching using multicast and RMI, with a pluggable API.
7. Cache and CacheManager listeners
8. Supports multiple Caches per CacheManager, and multiple CacheManagers per application.
9. Acts as a pluggable cache for Hibernate 3.1, 3 and 2.1.
10. Small foot print. Both in terms of size and memory requirements.
11. Minimal dependencies apart from J2SE.
12. Fully documented. See the online Documentation and the online JavaDoc.
13. Comprehensive Test Coverage. See the clover test report.
14. Available under the Apache 1.1 license. EHCache's copyright and licensing has been reviewed and approved by the Apache Software Foundation, making EHCache suitable for use in Apache projects.
15. Production tested. EHCache is used on a large and very busy eCommerce site.
16. Web caching, pull-through caches and other common caching implementations are provided in the ehcache-constructs module.
License:
The Apache Software License, Version 2.0: http://ehcache.sourceforge.net/LICENSE.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.ehcache\ehcache\1.2.3\461752b4e3d73a5815737df243782ac70112b489\ehcache-1.2.3.jar
MD5: e26a78a6249bb308dc13c2c5a7980567
SHA1: 461752b4e3d73a5815737df243782ac70112b489
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid ehcache Low
Vendor jar package name ehcache Low
Vendor file name ehcache High
Vendor pom description ehcache is a pure Java, in-process cache with the following features: 1. Fast. 2. Simple. 3. Multiple eviction policies: LRU, LFU and FIFO. 4. Caches can be in memory or on disk. 5. Disk Stores can be persistent between VM restarts. 6. Distributed caching using multicast and RMI, with a pluggable API. 7. Cache and CacheManager listeners 8. Supports multiple Caches per CacheManager, and multiple CacheManagers per application. 9. Acts as a pluggable cache for Hibernate 3.1, 3 and 2.1. 10. Small foot print. Both in terms of size and memory requirements. 11. Minimal dependencies apart from J2SE. 12. Fully documented. See the online Documentation and the online JavaDoc. 13. Comprehensive Test Coverage. See the clover test report. 14. Available under the Apache 1.1 license. EHCache's copyright and licensing has been reviewed and approved by the Apache Software Foundation, making EHCache suitable for use in Apache projects. 15. Production tested. EHCache is used on a large and very busy eCommerce site. 16. Web caching, pull-through caches and other common caching implementations are provided in the ehcache-constructs module. Low
Vendor jar package name net Low
Vendor central groupid net.sf.ehcache Highest
Vendor pom name ehcache High
Vendor pom url http://ehcache.sf.net Highest
Vendor jar package name sf Low
Vendor gradle groupid net.sf.ehcache Highest
Vendor pom groupid net.sf.ehcache Highest
Product pom artifactid ehcache Highest
Product jar package name ehcache Low
Product file name ehcache High
Product pom description ehcache is a pure Java, in-process cache with the following features: 1. Fast. 2. Simple. 3. Multiple eviction policies: LRU, LFU and FIFO. 4. Caches can be in memory or on disk. 5. Disk Stores can be persistent between VM restarts. 6. Distributed caching using multicast and RMI, with a pluggable API. 7. Cache and CacheManager listeners 8. Supports multiple Caches per CacheManager, and multiple CacheManagers per application. 9. Acts as a pluggable cache for Hibernate 3.1, 3 and 2.1. 10. Small foot print. Both in terms of size and memory requirements. 11. Minimal dependencies apart from J2SE. 12. Fully documented. See the online Documentation and the online JavaDoc. 13. Comprehensive Test Coverage. See the clover test report. 14. Available under the Apache 1.1 license. EHCache's copyright and licensing has been reviewed and approved by the Apache Software Foundation, making EHCache suitable for use in Apache projects. 15. Production tested. EHCache is used on a large and very busy eCommerce site. 16. Web caching, pull-through caches and other common caching implementations are provided in the ehcache-constructs module. Low
Product pom url http://ehcache.sf.net Medium
Product gradle artifactid ehcache Highest
Product pom groupid net.sf.ehcache Low
Product pom name ehcache High
Product jar package name sf Low
Product central artifactid ehcache Highest
Version file version 1.2.3 Highest
Version central version 1.2.3 Highest
Version pom version 1.2.3 Highest
jta-1.0.1B.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.transaction\jta\1.0.1B\3dd157a4f4fe115ac5d165d6c21463d0ce9e3c7b\jta-1.0.1B.jar
MD5: c6e3e528816227b97f6b21f709641f8f
SHA1: 3dd157a4f4fe115ac5d165d6c21463d0ce9e3c7b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor jar package name transaction Low
Vendor file name jta High
Vendor gradle groupid javax.transaction Highest
Product jar package name transaction Low
Product file name jta High
Product gradle artifactid jta Highest
Version gradle version 1.0.1B Highest
Version file name jta Medium
Version file version 1.0.1b Highest
maven: javax.transaction:jta:1.0.1B
Confidence: Highest
asm-attrs-1.5.3.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\asm\asm-attrs\1.5.3\911ca40cdb527969ee47dc6f782425d94a36b510\asm-attrs-1.5.3.jar
MD5: 2f222ca7499ed5bc49fe25a1182c59f7
SHA1: 911ca40cdb527969ee47dc6f782425d94a36b510
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom name asm-attrs High
Vendor jar package name asm Low
Vendor Manifest Implementation-Vendor France Telecom R&D High
Vendor pom groupid asm Highest
Vendor pom url http://asm.objectweb.org/ Highest
Vendor jar package name objectweb Low
Vendor pom organization url http://www.objectweb.org/ Medium
Vendor pom organization name ObjectWeb High
Vendor jar package name attrs Low
Vendor gradle groupid asm Highest
Vendor pom artifactid asm-attrs Low
Vendor file name asm-attrs High
Vendor central groupid asm Highest
Product central artifactid asm-attrs Highest
Product pom name asm-attrs High
Product jar package name asm Low
Product Manifest Implementation-Title ASM Attribute classes High
Product pom artifactid asm-attrs Highest
Product pom groupid asm Low
Product pom url http://asm.objectweb.org/ Medium
Product jar package name attrs Low
Product pom organization url http://www.objectweb.org/ Low
Product pom organization name ObjectWeb Low
Product gradle artifactid asm-attrs Highest
Product file name asm-attrs High
Version pom version 1.5.3 Highest
Version central version 1.5.3 Highest
Version file version 1.5.3 Highest
Version Manifest Implementation-Version 1.5.3 High
antlr-2.7.6.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\antlr\antlr\2.7.6\cf4f67dae5df4f9932ae7810f4548ef3e14dd35e\antlr-2.7.6.jar
MD5: 97c6bb68108a3d68094eab0f67157962
SHA1: cf4f67dae5df4f9932ae7810f4548ef3e14dd35e
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom url http://www.antlr.org/ Highest
Vendor file name antlr High
Vendor pom artifactid antlr Low
Vendor gradle groupid antlr Highest
Vendor central groupid antlr Highest
Vendor pom groupid antlr Highest
Vendor pom name AntLR High
Vendor jar package name antlr Low
Product gradle artifactid antlr Highest
Product pom artifactid antlr Highest
Product file name antlr High
Product central artifactid antlr Highest
Product pom name AntLR High
Product pom groupid antlr Low
Product pom url http://www.antlr.org/ Medium
Version pom version 2.7.6 Highest
Version central version 2.7.6 Highest
Version file version 2.7.6 Highest
cglib-2.1_3.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\cglib\cglib\2.1_3\d3851e366b9fe8b7d8215de0f9eb980b359d8de0\cglib-2.1_3.jar
MD5: ce1dce4a5f6865fb88d4c7c2728b78ed
SHA1: d3851e366b9fe8b7d8215de0f9eb980b359d8de0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid cglib Highest
Vendor pom groupid cglib Highest
Vendor central groupid cglib Highest
Vendor pom name cglib High
Vendor file name cglib High
Vendor pom artifactid cglib Low
Vendor jar package name net Low
Vendor pom url http://cglib.sourceforge.net/ Highest
Vendor jar package name cglib Low
Vendor jar package name sf Low
Product pom name cglib High
Product central artifactid cglib Highest
Product file name cglib High
Product gradle artifactid cglib Highest
Product pom artifactid cglib Highest
Product pom url http://cglib.sourceforge.net/ Medium
Product jar package name cglib Low
Product jar package name sf Low
Product pom groupid cglib Low
Version file version 2.1.3 Highest
Version central version 2.1_3 Highest
Version pom version 2.1_3 Highest
asm-1.5.3.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\asm\asm\1.5.3\63a2715c39c9e97f88fe371d4441a1b3493d74f9\asm-1.5.3.jar
MD5: ea4119d1471fc3c1af6b216815bd666c
SHA1: 63a2715c39c9e97f88fe371d4441a1b3493d74f9
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid asm Low
Vendor jar package name asm Low
Vendor Manifest Implementation-Vendor France Telecom R&D High
Vendor pom groupid asm Highest
Vendor pom url http://asm.objectweb.org/ Highest
Vendor file name asm High
Vendor jar package name objectweb Low
Vendor pom organization url http://www.objectweb.org/ Medium
Vendor pom organization name ObjectWeb High
Vendor pom name asm High
Vendor gradle groupid asm Highest
Vendor central groupid asm Highest
Product pom artifactid asm Highest
Product Manifest Implementation-Title ASM High
Product pom url http://asm.objectweb.org/ Medium
Product pom organization url http://www.objectweb.org/ Low
Product jar package name asm Low
Product pom organization name ObjectWeb Low
Product pom name asm High
Product central artifactid asm Highest
Product file name asm High
Product pom groupid asm Low
Product gradle artifactid asm Highest
Version pom version 1.5.3 Highest
Version central version 1.5.3 Highest
Version file version 1.5.3 Highest
Version Manifest Implementation-Version 1.5.3 High
stax-api-1.0-2.jar
Description:
StAX is a standard XML processing API that allows you to stream XML data from and to your application.
License:
GNU General Public Library: http://www.gnu.org/licenses/gpl.txt
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: http://www.sun.com/cddl/cddl.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.xml.stream\stax-api\1.0-2\d6337b0de8b25e53e81b922352fbea9f9f57ba0b\stax-api-1.0-2.jar
MD5: 7d18b63063580284c3f5734081fdc99f
SHA1: d6337b0de8b25e53e81b922352fbea9f9f57ba0b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor pom groupid javax.xml.stream Highest
Vendor gradle groupid javax.xml.stream Highest
Vendor pom description StAX is a standard XML processing API that allows you to stream XML data from and to your application. Low
Vendor jar package name stream Low
Vendor pom name Streaming API for XML High
Vendor pom artifactid stax-api Low
Vendor file name stax-api High
Vendor central groupid javax.xml.stream Highest
Vendor jar package name xml Low
Product central artifactid stax-api Highest
Product pom description StAX is a standard XML processing API that allows you to stream XML data from and to your application. Low
Product jar package name stream Low
Product pom name Streaming API for XML High
Product file name stax-api High
Product gradle artifactid stax-api Highest
Product pom artifactid stax-api Highest
Product jar package name xml Low
Product pom groupid javax.xml.stream Low
Version pom version 1.0-2 Highest
Version file version 1.0.2 Highest
Version central version 1.0-2 Highest
geronimo-jta_1.1_spec-1.1.1.jar
Description: Provides open-source implementations of Sun specifications.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-jta_1.1_spec\1.1.1\aabab3165b8ea936b9360abbf448459c0d04a5a4\geronimo-jta_1.1_spec-1.1.1.jar
MD5: 4aa8d50456bcec0bf6f032ceb182ad64
SHA1: aabab3165b8ea936b9360abbf448459c0d04a5a4
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jta_1.1_spec Medium
Vendor pom parent-artifactid specs Low
Vendor manifest Bundle-Description Provides open-source implementations of Sun specifications. Medium
Vendor central groupid org.apache.geronimo.specs Highest
Vendor file name geronimo-jta_1.1_spec-1.1.1 High
Vendor pom parent-groupid org.apache.geronimo.specs Medium
Vendor pom name JTA 1.1 High
Vendor pom artifactid geronimo-jta_1.1_spec Low
Vendor gradle groupid org.apache.geronimo.specs Highest
Vendor pom groupid apache.geronimo.specs Highest
Vendor Manifest bundle-docurl http://www.apache.org Low
Product Manifest bundle-symbolicname org.apache.geronimo.specs.geronimo-jta_1.1_spec Medium
Product Manifest Implementation-Title Apache Geronimo High
Product central artifactid geronimo-jta_1.1_spec Highest
Product manifest Bundle-Description Provides open-source implementations of Sun specifications. Medium
Product pom parent-artifactid specs Medium
Product file name geronimo-jta_1.1_spec-1.1.1 High
Product pom groupid apache.geronimo.specs Low
Product pom parent-groupid org.apache.geronimo.specs Low
Product gradle artifactid geronimo-jta_1.1_spec Highest
Product pom name JTA 1.1 High
Product Manifest Bundle-Name geronimo-jta_1.1_spec Medium
Product pom artifactid geronimo-jta_1.1_spec Highest
Product Manifest bundle-docurl http://www.apache.org Low
Version Manifest Implementation-Version 1.1.1 High
Version pom version 1.1.1 Highest
Version central version 1.1.1 Highest
commons-io-2.5.jar
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-io\commons-io\2.5\2852e6e05fbb95076fc091f6d1780f1f8fe35e0f\commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom description The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. Low
Vendor pom url http://commons.apache.org/proper/commons-io/ Highest
Vendor pom name Apache Commons IO High
Vendor gradle groupid commons-io Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low
Vendor Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low
Vendor central groupid commons-io Highest
Vendor pom artifactid commons-io Low
Vendor Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low
Vendor pom parent-artifactid commons-parent Low
Vendor pom groupid commons-io Highest
Vendor Manifest bundle-symbolicname org.apache.commons.io Medium
Vendor manifest Bundle-Description The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. Low
Vendor file name commons-io High
Product pom description The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. Low
Product pom parent-groupid org.apache.commons Low
Product pom name Apache Commons IO High
Product Manifest specification-title Apache Commons IO Medium
Product central artifactid commons-io Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest Implementation-Title Apache Commons IO High
Product Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low
Product Manifest Bundle-Name Apache Commons IO Medium
Product pom url http://commons.apache.org/proper/commons-io/ Medium
Product Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low
Product pom artifactid commons-io Highest
Product gradle artifactid commons-io Highest
Product pom parent-artifactid commons-parent Medium
Product Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low
Product Manifest bundle-symbolicname org.apache.commons.io Medium
Product manifest Bundle-Description The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. Low
Product pom groupid commons-io Low
Product file name commons-io High
Version Manifest Implementation-Version 2.5 High
Version file version 2.5 Highest
Version central version 2.5 Highest
Version pom version 2.5 Highest
jackson-databind-2.8.9.jar
Description: General data-binding functionality for Jackson: works on core streaming API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.core\jackson-databind\2.8.9\4dfca3975be3c1a98eacb829e70f02e9a71bc159\jackson-databind-2.8.9.jar
MD5: 2d8f44c15feb8d76271ee7c5258b2072
SHA1: 4dfca3975be3c1a98eacb829e70f02e9a71bc159
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor file name jackson-databind High
Vendor pom artifactid jackson-databind Low
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor pom description General data-binding functionality for Jackson: works on core streaming API Medium
Vendor pom groupid fasterxml.jackson.core Highest
Vendor pom name jackson-databind High
Vendor Manifest Implementation-Vendor FasterXML High
Vendor gradle groupid com.fasterxml.jackson.core Highest
Vendor Manifest specification-vendor FasterXML Low
Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor pom parent-artifactid jackson-parent Low
Vendor manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium
Vendor Manifest implementation-build-date 2017-06-12 00:53:09+0000 Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor pom url http://github.com/FasterXML/jackson Highest
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Product file name jackson-databind High
Product pom description General data-binding functionality for Jackson: works on core streaming API Medium
Product pom name jackson-databind High
Product pom url http://github.com/FasterXML/jackson Medium
Product pom parent-artifactid jackson-parent Medium
Product gradle artifactid jackson-databind Highest
Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Product Manifest Implementation-Title jackson-databind High
Product pom groupid fasterxml.jackson.core Low
Product manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium
Product Manifest Bundle-Name jackson-databind Medium
Product Manifest implementation-build-date 2017-06-12 00:53:09+0000 Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product central artifactid jackson-databind Highest
Product pom parent-groupid com.fasterxml.jackson Low
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium
Product Manifest specification-title jackson-databind Medium
Product pom artifactid jackson-databind Highest
Version file version 2.8.9 Highest
Version central version 2.8.9 Highest
Version Manifest Implementation-Version 2.8.9 High
Version pom version 2.8.9 Highest
curvesapi-1.04.jar
Description: Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS.
License:
BSD License: http://opensource.org/licenses/BSD-3-Clause
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.github.virtuald\curvesapi\1.04\3386abf821719bc89c7685f9eaafaf4a842f0199\curvesapi-1.04.jar
MD5: 0dcbd9b7e498d1118c920d1d55046743
SHA1: 3386abf821719bc89c7685f9eaafaf4a842f0199
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom url virtuald/curvesapi Highest
Vendor pom artifactid curvesapi Low
Vendor pom description Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS. Low
Vendor jar package name math Low
Vendor central groupid com.github.virtuald Highest
Vendor pom name curvesapi High
Vendor gradle groupid com.github.virtuald Highest
Vendor pom groupid github.virtuald Highest
Vendor file name curvesapi High
Vendor jar package name graphbuilder Low
Product pom artifactid curvesapi Highest
Product gradle artifactid curvesapi Highest
Product pom description Implementation of various mathematical curves that define themselves over a set of control points. The API is written in Java. The curves supported are: Bezier, B-Spline, Cardinal Spline, Catmull-Rom Spline, Lagrange, Natural Cubic Spline, and NURBS. Low
Product jar package name math Low
Product central artifactid curvesapi Highest
Product pom name curvesapi High
Product pom groupid github.virtuald Low
Product file name curvesapi High
Product pom url virtuald/curvesapi High
Version pom version 1.04 Highest
Version file version 1.04 Highest
Version central version 1.04 Highest
guava-20.0.jar
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.guava\guava\20.0\89507701249388e1ed5ddcf8c41f4ce1be7831ef\guava-20.0.jar
MD5: f32a8a2524620dbecc9f6bf6a20c293f
SHA1: 89507701249388e1ed5ddcf8c41f4ce1be7831ef
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor manifest Bundle-Description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low
Vendor central groupid com.google.guava Highest
Vendor pom parent-groupid com.google.guava Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest bundle-symbolicname com.google.guava Medium
Vendor Manifest bundle-docurl https://github.com/google/guava/ Low
Vendor gradle groupid com.google.guava Highest
Vendor pom parent-artifactid guava-parent Low
Vendor pom artifactid guava Low
Vendor file name guava High
Vendor pom name Guava: Google Core Libraries for Java High
Vendor pom groupid google.guava Highest
Vendor pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low
Product manifest Bundle-Description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low
Product gradle artifactid guava Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product pom parent-artifactid guava-parent Medium
Product Manifest bundle-symbolicname com.google.guava Medium
Product Manifest bundle-docurl https://github.com/google/guava/ Low
Product pom groupid google.guava Low
Product pom artifactid guava Highest
Product pom parent-groupid com.google.guava Low
Product central artifactid guava Highest
Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium
Product file name guava High
Product pom name Guava: Google Core Libraries for Java High
Product pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low
Version central version 20.0 Highest
Version file version 20.0 Highest
Version pom version 20.0 Highest
commons-beanutils-1.9.3.jar
Description: Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\commons-beanutils\commons-beanutils\1.9.3\c845703de334ddc6b4b3cd26835458cb1cba1f3d\commons-beanutils-1.9.3.jar
MD5: 4a105c9d029a7edc6f2b16567d37eab6
SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid commons-beanutils Low
Vendor Manifest implementation-build tags/BEANUTILS_1_9_3_RC3@r1761785; 2016-09-21 16:19:55+0000 Low
Vendor Manifest bundle-symbolicname org.apache.commons.beanutils Medium
Vendor pom description Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor pom url https://commons.apache.org/proper/commons-beanutils/ Highest
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom groupid commons-beanutils Highest
Vendor file name commons-beanutils High
Vendor Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low
Vendor pom name Apache Commons BeanUtils High
Vendor manifest Bundle-Description Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Low
Vendor central groupid commons-beanutils Highest
Vendor pom parent-artifactid commons-parent Low
Vendor gradle groupid commons-beanutils Highest
Product Manifest implementation-build tags/BEANUTILS_1_9_3_RC3@r1761785; 2016-09-21 16:19:55+0000 Low
Product pom parent-groupid org.apache.commons Low
Product gradle artifactid commons-beanutils Highest
Product Manifest bundle-symbolicname org.apache.commons.beanutils Medium
Product Manifest specification-title Apache Commons BeanUtils Medium
Product Manifest Implementation-Title Apache Commons BeanUtils High
Product pom description Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest implementation-url https://commons.apache.org/proper/commons-beanutils/ Low
Product file name commons-beanutils High
Product Manifest bundle-docurl https://commons.apache.org/proper/commons-beanutils/ Low
Product pom url https://commons.apache.org/proper/commons-beanutils/ Medium
Product Manifest Bundle-Name Apache Commons BeanUtils Medium
Product pom name Apache Commons BeanUtils High
Product pom parent-artifactid commons-parent Medium
Product pom artifactid commons-beanutils Highest
Product manifest Bundle-Description Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. Low
Product pom groupid commons-beanutils Low
Product central artifactid commons-beanutils Highest
Version file version 1.9.3 Highest
Version Manifest Implementation-Version 1.9.3 High
Version central version 1.9.3 Highest
Version pom version 1.9.3 Highest
fontbox-2.0.6.jar
Description:
The Apache FontBox library is an open source Java tool to obtain low level information
from font files. FontBox is a subproject of Apache PDFBox.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.pdfbox\fontbox\2.0.6\33f44ea67f1b5ab314e2d5768365b1a3e794fb3b\fontbox-2.0.6.jar
MD5: 531ddd3206dfae487d792261ac6d8d54
SHA1: 33f44ea67f1b5ab314e2d5768365b1a3e794fb3b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.pdfbox Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor gradle groupid org.apache.pdfbox Highest
Vendor Manifest bundle-docurl http://pdfbox.apache.org Low
Vendor Manifest Implementation-Vendor-Id org.apache.pdfbox Medium
Vendor pom name Apache FontBox High
Vendor pom artifactid fontbox Low
Vendor pom description The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox. Low
Vendor central groupid org.apache.pdfbox Highest
Vendor pom parent-artifactid pdfbox-parent Low
Vendor manifest Bundle-Description The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox. Low
Vendor Manifest bundle-symbolicname org.apache.pdfbox.fontbox Medium
Vendor pom groupid apache.pdfbox Highest
Vendor file name fontbox High
Vendor pom url http://pdfbox.apache.org/ Highest
Product pom parent-groupid org.apache.pdfbox Low
Product pom artifactid fontbox Highest
Product pom url http://pdfbox.apache.org/ Medium
Product Manifest Bundle-Name Apache FontBox Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product central artifactid fontbox Highest
Product Manifest bundle-docurl http://pdfbox.apache.org Low
Product pom name Apache FontBox High
Product gradle artifactid fontbox Highest
Product pom description The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox. Low
Product pom groupid apache.pdfbox Low
Product manifest Bundle-Description The Apache FontBox library is an open source Java tool to obtain low level information from font files. FontBox is a subproject of Apache PDFBox. Low
Product Manifest bundle-symbolicname org.apache.pdfbox.fontbox Medium
Product Manifest Implementation-Title Apache FontBox High
Product pom parent-artifactid pdfbox-parent Medium
Product file name fontbox High
Product Manifest specification-title Apache FontBox Medium
Version pom version 2.0.6 Highest
Version Manifest Implementation-Version 2.0.6 High
Version file version 2.0.6 Highest
Version central version 2.0.6 Highest
batik-css-1.9.jar
Description: Batik CSS engine
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.xmlgraphics\batik-css\1.9\3eb0bdc9dedd2e33e7ace50e01eab16741fcb689\batik-css-1.9.jar
MD5: b639d437fb054a7d20043b8be6d3e0fa
SHA1: 3eb0bdc9dedd2e33e7ace50e01eab16741fcb689
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom artifactid batik-css Low
Vendor jar package name apache Low
Vendor pom description Batik CSS engine Medium
Vendor file name batik-css High
Vendor central groupid org.apache.xmlgraphics Highest
Vendor pom parent-artifactid batik Low
Vendor pom groupid apache.xmlgraphics Highest
Vendor pom parent-groupid org.apache.xmlgraphics Medium
Vendor gradle groupid org.apache.xmlgraphics Highest
Vendor pom name org.apache.xmlgraphics:batik High
Vendor jar package name batik Low
Vendor jar package name css Low
Product gradle artifactid batik-css Highest
Product pom description Batik CSS engine Medium
Product file name batik-css High
Product pom parent-groupid org.apache.xmlgraphics Low
Product pom artifactid batik-css Highest
Product jar package name engine Low
Product pom name org.apache.xmlgraphics:batik High
Product pom parent-artifactid batik Medium
Product jar package name batik Low
Product central artifactid batik-css Highest
Product pom groupid apache.xmlgraphics Low
Product jar package name css Low
Version pom version 1.9 Highest
Version file version 1.9 Highest
Version central version 1.9 Highest
serializer-2.7.2.jar
Description:
Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input
SAX events.
File Path: Z:\Gradle\caches\modules-2\files-2.1\xalan\serializer\2.7.2\24247f3bb052ee068971393bdb83e04512bb1c3c\serializer-2.7.2.jar
MD5: e8325763fd4235f174ab7b72ed815db1
SHA1: 24247f3bb052ee068971393bdb83e04512bb1c3c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom groupid xalan Highest
Vendor pom parent-groupid org.apache Medium
Vendor central groupid xalan Highest
Vendor pom parent-artifactid apache Low
Vendor pom description Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input SAX events. Low
Vendor manifest: org/apache/xml/serializer/ Implementation-Vendor Apache Software Foundation Medium
Vendor pom url http://xml.apache.org/xalan-j/ Highest
Vendor jar package name xml Low
Vendor manifest: org/apache/xml/serializer/utils/ Implementation-Vendor Apache Software Foundation Medium
Vendor gradle groupid xalan Highest
Vendor jar package name serializer Low
Vendor pom artifactid serializer Low
Vendor file name serializer High
Vendor pom name Xalan Java Serializer High
Product pom description Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input SAX events. Low
Product manifest: org/apache/xml/serializer/utils/ Implementation-Title org.apache.xml.serializer.utils Medium
Product pom artifactid serializer Highest
Product pom parent-artifactid apache Medium
Product pom url http://xml.apache.org/xalan-j/ Medium
Product manifest: org/apache/xml/serializer/ Implementation-Title org.apache.xml.serializer Medium
Product jar package name xml Low
Product central artifactid serializer Highest
Product jar package name serializer Low
Product pom groupid xalan Low
Product gradle artifactid serializer Highest
Product pom parent-groupid org.apache Low
Product file name serializer High
Product pom name Xalan Java Serializer High
Product manifest: org/apache/xml/serializer/ Specification-Title XSL Transformations (XSLT), at http://www.w3.org/TR/xslt Medium
Version pom version 2.7.2 Highest
Version central version 2.7.2 Highest
Version file version 2.7.2 Highest
cpe: cpe:/a:apache:xalan-java:2.7.2
Confidence: Low
maven: xalan:serializer:2.7.2 ✓
Confidence: Highest
protobuf-java-3.1.0.jar
Description:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an
efficient yet extensible format.
License:
http://www.opensource.org/licenses/bsd-license.php
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.google.protobuf\protobuf-java\3.1.0\e13484d9da178399d32d2d27ee21a77cfb4b7873\protobuf-java-3.1.0.jar
MD5: 6fcd9d8f757eea48ac7f3e1b279f94e8
SHA1: e13484d9da178399d32d2d27ee21a77cfb4b7873
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom groupid google.protobuf Highest
Vendor pom name Protocol Buffers [Core] High
Vendor Manifest bundle-symbolicname com.google.protobuf Medium
Vendor central groupid com.google.protobuf Highest
Vendor Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor pom description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low
Vendor gradle groupid com.google.protobuf Highest
Vendor pom parent-artifactid protobuf-parent Low
Vendor file name protobuf-java High
Vendor manifest Bundle-Description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low
Vendor pom parent-groupid com.google.protobuf Medium
Vendor pom artifactid protobuf-java Low
Product pom name Protocol Buffers [Core] High
Product Manifest bundle-symbolicname com.google.protobuf Medium
Product Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product gradle artifactid protobuf-java Highest
Product pom description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low
Product central artifactid protobuf-java Highest
Product file name protobuf-java High
Product pom groupid google.protobuf Low
Product manifest Bundle-Description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low
Product Manifest Bundle-Name Protocol Buffers [Core] Medium
Product pom artifactid protobuf-java Highest
Product pom parent-groupid com.google.protobuf Low
Product pom parent-artifactid protobuf-parent Medium
Version pom version 3.1.0 Highest
Version central version 3.1.0 Highest
Version file version 3.1.0 Highest
Published Vulnerabilities
CVE-2015-5237
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
Vulnerable Software & Versions:
httpmime-4.5.3.jar
Description:
Apache HttpComponents HttpClient - MIME coded entities
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.httpcomponents\httpmime\4.5.3\889fd6d061bb63b99dd5c6aba35a555ae863de52\httpmime-4.5.3.jar
MD5: a00b6287cab2ad554ae3cbdbe983dc88
SHA1: 889fd6d061bb63b99dd5c6aba35a555ae863de52
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name httpmime High
Vendor pom url http://hc.apache.org/httpcomponents-client Highest
Vendor pom parent-groupid org.apache.httpcomponents Medium
Vendor gradle groupid org.apache.httpcomponents Highest
Vendor Manifest url http://hc.apache.org/httpcomponents-client Low
Vendor pom artifactid httpmime Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom name Apache HttpClient Mime High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description Apache HttpComponents HttpClient - MIME coded entities Medium
Vendor central groupid org.apache.httpcomponents Highest
Vendor pom groupid apache.httpcomponents Highest
Vendor pom parent-artifactid httpcomponents-client Low
Vendor Manifest implementation-build tags/4.5.3-RC1/httpmime@r1779741; 2017-01-21 16:58:35+0100 Low
Product file name httpmime High
Product pom parent-groupid org.apache.httpcomponents Low
Product Manifest url http://hc.apache.org/httpcomponents-client Low
Product pom groupid apache.httpcomponents Low
Product central artifactid httpmime Highest
Product pom name Apache HttpClient Mime High
Product pom description Apache HttpComponents HttpClient - MIME coded entities Medium
Product Manifest specification-title HttpComponents Apache HttpClient Mime Medium
Product gradle artifactid httpmime Highest
Product Manifest Implementation-Title HttpComponents Apache HttpClient Mime High
Product pom parent-artifactid httpcomponents-client Medium
Product pom url http://hc.apache.org/httpcomponents-client Medium
Product Manifest implementation-build tags/4.5.3-RC1/httpmime@r1779741; 2017-01-21 16:58:35+0100 Low
Product pom artifactid httpmime Highest
Version file version 4.5.3 Highest
Version Manifest Implementation-Version 4.5.3 High
Version pom version 4.5.3 Highest
Version central version 4.5.3 Highest
woodstox-core-asl-4.4.1.jar
Description: Woodstox is a high-performance XML processor that implements Stax (JSR-173) and SAX2 APIs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.woodstox\woodstox-core-asl\4.4.1\84fee5eb1a4a1cefe65b6883c73b3fa83be3c1a1\woodstox-core-asl-4.4.1.jar
MD5: 1f53f91f117288fb2ef2e120f27e5498
SHA1: 84fee5eb1a4a1cefe65b6883c73b3fa83be3c1a1
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name woodstox-core-asl High
Vendor jar package name ctc Low
Vendor pom name Woodstox High
Vendor Manifest specification-vendor http://jcp.org/en/jsr/detail?id=173 Low
Vendor pom url http://woodstox.codehaus.org Highest
Vendor jar package name wstx Low
Vendor pom organization url http://www.codehaus.org/ Medium
Vendor pom artifactid woodstox-core-asl Low
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Vendor pom organization name Codehaus High
Vendor pom description Woodstox is a high-performance XML processor that implements Stax (JSR-173) and SAX2 APIs Medium
Vendor central groupid org.codehaus.woodstox Highest
Vendor Manifest bundle-symbolicname woodstox-core-asl Medium
Vendor gradle groupid org.codehaus.woodstox Highest
Vendor pom groupid codehaus.woodstox Highest
Vendor Manifest Implementation-Vendor http://woodstox.codehaus.org High
Product file name woodstox-core-asl High
Product pom name Woodstox High
Product gradle artifactid woodstox-core-asl Highest
Product pom groupid codehaus.woodstox Low
Product pom url http://woodstox.codehaus.org Medium
Product pom organization name Codehaus Low
Product pom organization url http://www.codehaus.org/ Low
Product jar package name wstx Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low
Product Manifest Bundle-Name Woodstox XML-processor Medium
Product Manifest Implementation-Title Woodstox XML-processor High
Product pom artifactid woodstox-core-asl Highest
Product pom description Woodstox is a high-performance XML processor that implements Stax (JSR-173) and SAX2 APIs Medium
Product Manifest specification-title Stax 1.0 API Medium
Product Manifest bundle-symbolicname woodstox-core-asl Medium
Product central artifactid woodstox-core-asl Highest
Version pom version 4.4.1 Highest
Version central version 4.4.1 Highest
Version file version 4.4.1 Highest
Version Manifest Implementation-Version 4.4.1 High
asm-5.1.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.ow2.asm\asm\5.1\5ef31c4fe953b1fd00b8a88fa1d6820e8785bb45\asm-5.1.jar
MD5: 3770466405f163d6616b65c32e16a3cd
SHA1: 5ef31c4fe953b1fd00b8a88fa1d6820e8785bb45
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor Manifest bundle-docurl http://asm.objectweb.org Low
Vendor pom artifactid asm Low
Vendor jar package name asm Low
Vendor Manifest Implementation-Vendor France Telecom R&D High
Vendor central groupid org.ow2.asm Highest
Vendor file name asm High
Vendor Manifest bundle-symbolicname org.objectweb.asm Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Vendor gradle groupid org.ow2.asm Highest
Vendor jar package name objectweb Low
Vendor pom groupid ow2.asm Highest
Vendor pom name ASM Core High
Vendor pom parent-artifactid asm-parent Low
Vendor pom parent-groupid org.ow2.asm Medium
Product Manifest bundle-docurl http://asm.objectweb.org Low
Product pom groupid ow2.asm Low
Product jar package name asm Low
Product file name asm High
Product Manifest bundle-symbolicname org.objectweb.asm Medium
Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low
Product gradle artifactid asm Highest
Product pom artifactid asm Highest
Product Manifest Implementation-Title ASM High
Product pom parent-groupid org.ow2.asm Low
Product Manifest Bundle-Name ASM Medium
Product central artifactid asm Highest
Product pom parent-artifactid asm-parent Medium
Product pom name ASM Core High
Version pom version 5.1 Highest
Version central version 5.1 Highest
Version file version 5.1 Highest
Version Manifest Implementation-Version 5.1 High
xercesImpl-2.9.1.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\xerces\xercesImpl\2.9.1\1136d197e2755bbde296ceee217ec5fe2917477b\xercesImpl-2.9.1.jar
MD5: da09b75b562ca9a8e9a535d2148be8e4
SHA1: 1136d197e2755bbde296ceee217ec5fe2917477b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor manifest: javax/xml/transform/ Implementation-Vendor Apache Software Foundation Medium
Vendor jar package name apache Low
Vendor manifest: javax/xml/parsers/ Implementation-Vendor Apache Software Foundation Medium
Vendor file name xercesImpl High
Vendor gradle groupid xerces Highest
Vendor manifest: javax/xml/xpath/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: org/apache/xerces/impl/Version.class Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: org/apache/xerces/xni/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/xml/datatype/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: javax/xml/validation/ Implementation-Vendor Apache Software Foundation Medium
Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium
Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium
Vendor jar package name xerces Low
Vendor manifest: org/w3c/dom/ls/ Implementation-Vendor World Wide Web Consortium Medium
Product manifest: javax/xml/datatype/ Specification-Title Java API for XML Processing Medium
Product manifest: org/w3c/dom/ls/ Implementation-Title org.w3c.dom.ls Medium
Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium
Product gradle artifactid xercesImpl Highest
Product manifest: javax/xml/validation/ Specification-Title Java API for XML Processing Medium
Product manifest: org/w3c/dom/ls/ Specification-Title Document Object Model, Level 3 Load and Save Medium
Product manifest: javax/xml/validation/ Implementation-Title javax.xml.validation Medium
Product manifest: org/apache/xerces/impl/Version.class Implementation-Title org.apache.xerces.impl.Version Medium
Product file name xercesImpl High
Product manifest: org/apache/xerces/xni/ Implementation-Title org.apache.xerces.xni Medium
Product manifest: org/w3c/dom/ Specification-Title Document Object Model, Level 3 Core Medium
Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium
Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium
Product manifest: javax/xml/datatype/ Implementation-Title javax.xml.datatype Medium
Product manifest: org/apache/xerces/xni/ Specification-Title Xerces Native Interface Medium
Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing Medium
Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.parsers Medium
Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing Medium
Product manifest: javax/xml/xpath/ Implementation-Title javax.xml.xpath Medium
Product jar package name xerces Low
Product manifest: javax/xml/xpath/ Specification-Title Java API for XML Processing Medium
Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium
Version manifest: org/apache/xerces/xni/ Implementation-Version 1.2 Medium
Version manifest: org/apache/xerces/impl/Version.class Implementation-Version 2.9.1 Medium
Version manifest: javax/xml/transform/ Implementation-Version 1.3.04 Medium
Version manifest: javax/xml/parsers/ Implementation-Version 1.3.04 Medium
Version file name xercesImpl Medium
Version gradle version 2.9.1 Highest
Version manifest: org/w3c/dom/ Implementation-Version 1.0 Medium
Version manifest: org/xml/sax/ Implementation-Version 2.0.2 Medium
Version file version 2.9.1 Highest
Version manifest: org/w3c/dom/ls/ Implementation-Version 1.0 Medium
Version manifest: javax/xml/validation/ Implementation-Version 1.3.04 Medium
Version manifest: javax/xml/xpath/ Implementation-Version 1.3.04 Medium
Version manifest: javax/xml/datatype/ Implementation-Version 1.3.04 Medium
maven: xerces:xercesImpl:2.9.1 (Confidence: Highest)
poi-ooxml-schemas-3.17-beta1.jar
Description: Apache POI - Java API To Access Microsoft Format Files
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.poi\poi-ooxml-schemas\3.17-beta1\99811dc063afea4cde813726ba6f45f724bf2c3b\poi-ooxml-schemas-3.17-beta1.jar
MD5: b7b030b06cc81a9a5cb325b5a0ef1244
SHA1: 99811dc063afea4cde813726ba6f45f724bf2c3b
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.poi Highest
Vendor jar package name openxmlformats Low
Vendor pom description Apache POI - Java API To Access Microsoft Format Files Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor central groupid org.apache.poi Highest
Vendor pom organization url http://www.apache.org/ Medium
Vendor Manifest Implementation-Vendor-Id org.apache.poi Medium
Vendor pom organization name Apache Software Foundation High
Vendor pom url http://poi.apache.org/ Highest
Vendor pom groupid apache.poi Highest
Vendor pom name Apache POI High
Vendor jar package name schemas Low
Vendor file name poi-ooxml-schemas High
Vendor pom artifactid poi-ooxml-schemas Low
Product gradle artifactid poi-ooxml-schemas Highest
Product pom groupid apache.poi Low
Product pom description Apache POI - Java API To Access Microsoft Format Files Medium
Product Manifest Implementation-Title Apache POI High
Product Manifest specification-title Apache POI Medium
Product central artifactid poi-ooxml-schemas Highest
Product pom organization url http://www.apache.org/ Low
Product jar package name x2006 Low
Product pom artifactid poi-ooxml-schemas Highest
Product pom name Apache POI High
Product pom organization name Apache Software Foundation Low
Product jar package name schemas Low
Product pom url http://poi.apache.org/ Medium
Product file name poi-ooxml-schemas High
Version Manifest Implementation-Version 3.17-beta1 High
Version pom version 3.17-beta1 Highest
Version central version 3.17-beta1 Highest
stax-api-1.0.1.jar
Description: StAX API is the standard java XML processing API defined by JSR-173
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\stax\stax-api\1.0.1\49c100caf72d658aca8e58bd74a4ba90fa2b0d70\stax-api-1.0.1.jar
MD5: 7d436a53c64490bee564c576babb36b4
SHA1: 49c100caf72d658aca8e58bd74a4ba90fa2b0d70
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor jar package name stream Low
Vendor pom url http://stax.codehaus.org/ Highest
Vendor central groupid stax Highest
Vendor gradle groupid stax Highest
Vendor jar package name xml Low
Vendor pom description StAX API is the standard java XML processing API defined by JSR-173 Medium
Vendor Manifest specification-vendor JCP-173 Low
Vendor pom artifactid stax-api Low
Vendor Manifest Implementation-Vendor JCP High
Vendor file name stax-api High
Vendor pom name StAX API High
Vendor pom groupid stax Highest
Product central artifactid stax-api Highest
Product jar package name stream Low
Product pom artifactid stax-api Highest
Product jar package name xml Low
Product pom description StAX API is the standard java XML processing API defined by JSR-173 Medium
Product pom groupid stax Low
Product Manifest specification-title StAX Medium
Product Manifest Implementation-Title StAX 1.0 API High
Product file name stax-api High
Product pom url http://stax.codehaus.org/ Medium
Product gradle artifactid stax-api Highest
Product pom name StAX API High
Version pom version 1.0.1 Highest
Version file version 1.0.1 Highest
Version Manifest Implementation-Version 1.0.1 High
Version central version 1.0.1 Highest
spring-beans-2.5.6.jar
Description: Spring Framework: Beans
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.springframework\spring-beans\2.5.6\449ea46b27426eb846611a90b2fb8b4dcf271191\spring-beans-2.5.6.jar
MD5: 25c0752852205167af8f31a1eb019975
SHA1: 449ea46b27426eb846611a90b2fb8b4dcf271191
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name factory Low
Vendor hint analyzer vendor pivotal software High
Vendor hint analyzer vendor SpringSource High
Vendor pom url http://www.springframework.org Highest
Vendor Manifest bundle-symbolicname org.springframework.beans Medium
Vendor jar package name springframework Low
Vendor pom organization url http://www.springframework.org/ Medium
Vendor pom groupid springframework Highest
Vendor pom name Spring Framework: Beans High
Vendor pom description Spring Framework: Beans Medium
Vendor pom organization name Spring Framework High
Vendor hint analyzer vendor vmware High
Vendor jar package name beans Low
Vendor file name spring-beans High
Vendor central groupid org.springframework Highest
Vendor pom artifactid spring-beans Low
Vendor gradle groupid org.springframework Highest
Product jar package name factory Low
Product pom artifactid spring-beans Highest
Product Manifest bundle-symbolicname org.springframework.beans Medium
Product pom organization url http://www.springframework.org/ Low
Product Manifest Implementation-Title Spring Framework High
Product central artifactid spring-beans Highest
Product pom url http://www.springframework.org Medium
Product pom name Spring Framework: Beans High
Product pom description Spring Framework: Beans Medium
Product gradle artifactid spring-beans Highest
Product Manifest Bundle-Name Spring Beans Medium
Product jar package name beans Low
Product file name spring-beans High
Product pom organization name Spring Framework Low
Product pom groupid springframework Low
Product hint analyzer product springsource_spring_framework High
Version central version 2.5.6 Highest
Version pom version 2.5.6 Highest
Version Manifest Implementation-Version 2.5.6 High
Version file version 2.5.6 Highest
Published Vulnerabilities
CVE-2010-1622
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
CVE-2011-2730
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
CVE-2013-4152
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVE-2013-6429
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2013-7315
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2014-0054
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2014-1904
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVE-2016-9878
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
servlet-api-2.4.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\javax.servlet\servlet-api\2.4\3fc542fe8bb8164e8d3e840fe7403bc0518053c0\servlet-api-2.4.jar
MD5: f6cf3fde0b992589ed3d87fa9674015f
SHA1: 3fc542fe8bb8164e8d3e840fe7403bc0518053c0
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor jar package name javax Low
Vendor gradle groupid javax.servlet Highest
Vendor manifest: javax/servlet/ Implementation-Vendor Apache Software Foundation Medium
Vendor file name servlet-api High
Vendor central groupid servletapi High
Vendor pom groupid servletapi Highest
Vendor pom artifactid servletapi Low
Vendor jar package name servlet Low
Vendor central groupid javax.servlet High
Product manifest: javax/servlet/ Implementation-Title javax.servlet Medium
Product central artifactid servletapi High
Product pom artifactid servletapi Highest
Product pom groupid servletapi Low
Product file name servlet-api High
Product manifest: javax/servlet/ Specification-Title Java API for Servlets Medium
Product central artifactid servlet-api High
Product gradle artifactid servlet-api Highest
Product jar package name servlet Low
Version pom version 2.4 Highest
Version central version 2.4 High
Version central version 2.4.public_draft High
Version file version 2.4 Highest
jackson-annotations-2.8.0.jar
Description: Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.core\jackson-annotations\2.8.0\45b426f7796b741035581a176744d91090e2e6fb\jackson-annotations-2.8.0.jar
MD5: 288e6537849f0c63e76409b515c4fbe4
SHA1: 45b426f7796b741035581a176744d91090e2e6fb
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor pom artifactid jackson-annotations Low
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor pom groupid fasterxml.jackson.core Highest
Vendor file name jackson-annotations High
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium
Vendor manifest Bundle-Description Core annotations used for value types, used by Jackson data binding package. Medium
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor FasterXML High
Vendor gradle groupid com.fasterxml.jackson.core Highest
Vendor Manifest specification-vendor FasterXML Low
Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Vendor pom name Jackson-annotations High
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor pom parent-artifactid jackson-parent Low
Vendor pom description Core annotations used for value types, used by Jackson data binding package. Medium
Vendor Manifest implementation-build-date 2016-07-04 05:20:32+0000 Low
Vendor pom url http://github.com/FasterXML/jackson Highest
Product gradle artifactid jackson-annotations Highest
Product file name jackson-annotations High
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium
Product manifest Bundle-Description Core annotations used for value types, used by Jackson data binding package. Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest Bundle-Name Jackson-annotations Medium
Product pom url http://github.com/FasterXML/jackson Medium
Product pom parent-artifactid jackson-parent Medium
Product central artifactid jackson-annotations Highest
Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low
Product pom name Jackson-annotations High
Product pom artifactid jackson-annotations Highest
Product pom groupid fasterxml.jackson.core Low
Product pom description Core annotations used for value types, used by Jackson data binding package. Medium
Product Manifest specification-title Jackson-annotations Medium
Product Manifest Implementation-Title Jackson-annotations High
Product Manifest implementation-build-date 2016-07-04 05:20:32+0000 Low
Product pom parent-groupid com.fasterxml.jackson Low
Version pom version 2.8.0 Highest
Version file version 2.8.0 Highest
Version Manifest Implementation-Version 2.8.0 High
Version central version 2.8.0 Highest
jackson-core-2.8.9.jar
Description: Core Jackson abstractions, basic JSON streaming API implementation
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\com.fasterxml.jackson.core\jackson-core\2.8.9\569b1752705da98f49aabe2911cc956ff7d8ed9d\jackson-core-2.8.9.jar
MD5: 99213f4905cdaa83dc8cf19718bdc4c5
SHA1: 569b1752705da98f49aabe2911cc956ff7d8ed9d
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor central groupid com.fasterxml.jackson.core Highest
Vendor manifest Bundle-Description Core Jackson abstractions, basic JSON streaming API implementation Medium
Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium
Vendor Manifest implementation-build-date 2017-06-12 00:43:00+0000 Low
Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium
Vendor pom name Jackson-core High
Vendor file name jackson-core High
Vendor pom groupid fasterxml.jackson.core Highest
Vendor pom artifactid jackson-core Low
Vendor pom url FasterXML/jackson-core Highest
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Vendor Manifest Implementation-Vendor FasterXML High
Vendor gradle groupid com.fasterxml.jackson.core Highest
Vendor Manifest specification-vendor FasterXML Low
Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low
Vendor pom description Core Jackson abstractions, basic JSON streaming API implementation Medium
Vendor pom parent-groupid com.fasterxml.jackson Medium
Vendor pom parent-artifactid jackson-parent Low
Product manifest Bundle-Description Core Jackson abstractions, basic JSON streaming API implementation Medium
Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium
Product Manifest implementation-build-date 2017-06-12 00:43:00+0000 Low
Product pom name Jackson-core High
Product central artifactid jackson-core Highest
Product file name jackson-core High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low
Product Manifest specification-title Jackson-core Medium
Product pom artifactid jackson-core Highest
Product pom parent-artifactid jackson-parent Medium
Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low
Product pom description Core Jackson abstractions, basic JSON streaming API implementation Medium
Product Manifest Bundle-Name Jackson-core Medium
Product pom url FasterXML/jackson-core High
Product pom groupid fasterxml.jackson.core Low
Product Manifest Implementation-Title Jackson-core High
Product gradle artifactid jackson-core Highest
Product pom parent-groupid com.fasterxml.jackson Low
Version file version 2.8.9 Highest
Version central version 2.8.9 Highest
Version Manifest Implementation-Version 2.8.9 High
Version pom version 2.8.9 Highest
juel-spi-2.2.7.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\de.odysseus.juel\juel-spi\2.2.7\ca146332a93720784f24a5a24bb71c6d545133bd\juel-spi-2.2.7.jar
MD5: a4df3c8482a97ae937081b7d0ab407bb
SHA1: ca146332a93720784f24a5a24bb71c6d545133bd
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor pom artifactid juel-spi Low
Vendor central groupid de.odysseus.juel Highest
Vendor Manifest Implementation-Vendor-Id de.odysseus Medium
Vendor pom name Java Unified Expression Language Service Provider High
Vendor pom groupid de.odysseus.juel Highest
Vendor gradle groupid de.odysseus.juel Highest
Vendor file name juel-spi High
Vendor Manifest specification-vendor Sun Microsystems Inc. Low
Vendor Manifest Implementation-Vendor Odysseus Software GmbH High
Vendor pom parent-artifactid juel-parent Low
Product pom artifactid juel-spi Highest
Product gradle artifactid juel-spi Highest
Product pom name Java Unified Expression Language Service Provider High
Product Manifest specification-title Expression Language Medium
Product pom groupid de.odysseus.juel Low
Product central artifactid juel-spi Highest
Product file name juel-spi High
Product pom parent-artifactid juel-parent Medium
Product Manifest Implementation-Title JUEL High
Version file version 2.2.7 Highest
Version central version 2.2.7 Highest
Version Manifest Implementation-Version 2.2.7 High
Version pom version 2.2.7 Highest
barcode4j-fop-ext-2.1.jar
Description: Barcode4J is a flexible generator for barcodes written in Java.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.barcode4j\barcode4j-fop-ext\2.1\38749ed6e6412628c45d5ba344a0ab796e6807f9\barcode4j-fop-ext-2.1.jar
MD5: c78625e84ca0fd2853cf327505d99396
SHA1: 38749ed6e6412628c45d5ba344a0ab796e6807f9
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor central groupid net.sf.barcode4j Highest
Vendor jar package name krysalis Low
Vendor pom description Barcode4J is a flexible generator for barcodes written in Java. Medium
Vendor gradle groupid net.sf.barcode4j Highest
Vendor file name barcode4j-fop-ext High
Vendor pom artifactid barcode4j-fop-ext Low
Vendor pom url http://barcode4j.sourceforge.net/ Highest
Vendor Manifest implementation-url http://barcode4j.sourceforge.net Low
Vendor jar package name barcode4j Low
Vendor Manifest Implementation-Vendor The Barcode4J Project High
Vendor pom groupid net.sf.barcode4j Highest
Vendor jar package name image Low
Vendor pom name Barcode4J extensions for Apache FOP 0.93 and later High
Product pom artifactid barcode4j-fop-ext Highest
Product jar package name loader Low
Product pom description Barcode4J is a flexible generator for barcodes written in Java. Medium
Product file name barcode4j-fop-ext High
Product gradle artifactid barcode4j-fop-ext Highest
Product Manifest implementation-url http://barcode4j.sourceforge.net Low
Product jar package name barcode4j Low
Product pom url http://barcode4j.sourceforge.net/ Medium
Product Manifest Implementation-Title Barcode4J Library High
Product pom groupid net.sf.barcode4j Low
Product jar package name image Low
Product pom name Barcode4J extensions for Apache FOP 0.93 and later High
Product central artifactid barcode4j-fop-ext Highest
Version central version 2.1 Highest
Version Manifest Implementation-Version 2.1.0 High
Version file version 2.1 Highest
Version pom version 2.1 Highest
barcode4j-2.1.jar
Description: Barcode4J is a flexible generator for barcodes written in Java.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.barcode4j\barcode4j\2.1\4b38b2219c0d522fcea8238493f2ea3e238ef529\barcode4j-2.1.jar
MD5: 4fc30cdb7b1abaf1ce08f26b0666e351
SHA1: 4b38b2219c0d522fcea8238493f2ea3e238ef529
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor pom url http://barcode4j.sourceforge.net Highest
Vendor central groupid net.sf.barcode4j Highest
Vendor jar package name krysalis Low
Vendor pom name Barcode4J High
Vendor Manifest bundle-docurl http://barcode4j.sourceforge.net Low
Vendor pom description Barcode4J is a flexible generator for barcodes written in Java. Medium
Vendor gradle groupid net.sf.barcode4j Highest
Vendor Manifest implementation-url http://barcode4j.sourceforge.net Low
Vendor pom artifactid barcode4j Low
Vendor jar package name barcode4j Low
Vendor Manifest Implementation-Vendor The Barcode4J Project High
Vendor Manifest bundle-symbolicname org.krysalis.barcode4j Medium
Vendor pom groupid net.sf.barcode4j Highest
Vendor jar package name impl Low
Vendor file name barcode4j High
Product pom artifactid barcode4j Highest
Product central artifactid barcode4j Highest
Product pom name Barcode4J High
Product Manifest bundle-docurl http://barcode4j.sourceforge.net Low
Product Manifest Bundle-Name Barcode4J Medium
Product pom description Barcode4J is a flexible generator for barcodes written in Java. Medium
Product Manifest implementation-url http://barcode4j.sourceforge.net Low
Product gradle artifactid barcode4j Highest
Product jar package name barcode4j Low
Product pom url http://barcode4j.sourceforge.net Medium
Product Manifest bundle-symbolicname org.krysalis.barcode4j Medium
Product Manifest Implementation-Title Barcode4J Library High
Product pom groupid net.sf.barcode4j Low
Product jar package name impl Low
Product file name barcode4j High
Version central version 2.1 Highest
Version Manifest Implementation-Version 2.1.0 High
Version file version 2.1 Highest
Version pom version 2.1 Highest
axis2-transport-http-1.7.1.jar
Description: This inclues all the available transports in Axis2
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis2\axis2-transport-http\1.7.1\54b345d733908b3fc830ac87ede303ec2b7d8c3b\axis2-transport-http-1.7.1.jar
MD5: 58ea78d154f92057c9644f21e99e91c8
SHA1: 54b345d733908b3fc830ac87ede303ec2b7d8c3b
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor central groupid org.apache.axis2 Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest Implementation-Vendor-Id org.apache.axis2 Medium
Vendor pom description This inclues all the available transports in Axis2 Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom parent-groupid org.apache.axis2 Medium
Vendor file name axis2-transport-http High
Vendor pom artifactid axis2-transport-http Low
Vendor gradle groupid org.apache.axis2 Highest
Vendor pom url http://axis.apache.org/axis2/java/core/ Highest
Vendor pom parent-artifactid axis2 Low
Vendor pom groupid apache.axis2 Highest
Vendor pom name Apache Axis2 - Transport - HTTP High
Product Manifest Implementation-Title Apache Axis2 - Transport - HTTP High
Product pom url http://axis.apache.org/axis2/java/core/ Medium
Product Manifest specification-title Apache Axis2 - Transport - HTTP Medium
Product gradle artifactid axis2-transport-http Highest
Product pom groupid apache.axis2 Low
Product pom description This inclues all the available transports in Axis2 Medium
Product file name axis2-transport-http High
Product pom parent-groupid org.apache.axis2 Low
Product pom artifactid axis2-transport-http Highest
Product pom parent-artifactid axis2 Medium
Product pom name Apache Axis2 - Transport - HTTP High
Product central artifactid axis2-transport-http Highest
Version file version 1.7.1 Highest
Version central version 1.7.1 Highest
Version Manifest Implementation-Version 1.7.1 High
Version pom version 1.7.1 Highest
Published Vulnerabilities
CVE-2012-4418
Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Vulnerable Software & Versions:
CVE-2012-5351
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
Vulnerable Software & Versions:
axis2-transport-local-1.7.1.jar
Description: This inclues all the available transports in Axis2
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.axis2\axis2-transport-local\1.7.1\cfda1532e74015dd978b3d046b19a2749ac300b1\axis2-transport-local-1.7.1.jar
MD5: 64540c40f6be6421a7e5db8ab7446c5d
SHA1: cfda1532e74015dd978b3d046b19a2749ac300b1
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor pom name Apache Axis2 - Transport - Local High
Vendor central groupid org.apache.axis2 Highest
Vendor file name axis2-transport-local High
Vendor pom description This inclues all the available transports in Axis2 Medium
Vendor pom parent-groupid org.apache.axis2 Medium
Vendor Manifest bundle-docurl http://www.apache.org/ Low
Vendor gradle groupid org.apache.axis2 Highest
Vendor pom url http://axis.apache.org/axis2/java/core/ Highest
Vendor pom parent-artifactid axis2 Low
Vendor Manifest bundle-symbolicname axis2-transport-local Medium
Vendor pom groupid apache.axis2 Highest
Vendor manifest Bundle-Description This inclues all the available transports in Axis2 Medium
Vendor pom artifactid axis2-transport-local Low
Product pom name Apache Axis2 - Transport - Local High
Product pom url http://axis.apache.org/axis2/java/core/ Medium
Product file name axis2-transport-local High
Product gradle artifactid axis2-transport-local Highest
Product pom groupid apache.axis2 Low
Product pom description This inclues all the available transports in Axis2 Medium
Product central artifactid axis2-transport-local Highest
Product Manifest bundle-docurl http://www.apache.org/ Low
Product Manifest Bundle-Name axis2-transport-local Medium
Product pom parent-groupid org.apache.axis2 Low
Product Manifest bundle-symbolicname axis2-transport-local Medium
Product pom artifactid axis2-transport-local Highest
Product manifest Bundle-Description This inclues all the available transports in Axis2 Medium
Product pom parent-artifactid axis2 Medium
Version file version 1.7.1 Highest
Version central version 1.7.1 Highest
Version pom version 1.7.1 Highest
Published Vulnerabilities
CVE-2012-4418
Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Vulnerable Software & Versions:
CVE-2012-5351
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-287 Improper Authentication
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
Vulnerable Software & Versions:
derby-10.14.1.0.jar
Description: Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.derby\derby\10.14.1.0\3bcd8b1af3f8cd022d54d331e00064776be04f9c\derby-10.14.1.0.jar
MD5: 798a9e88c1c8146aa74e0686d2ad5598
SHA1: 3bcd8b1af3f8cd022d54d331e00064776be04f9c
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor gradle groupid org.apache.derby Highest
Vendor pom description Contains the core Apache Derby database engine, which also includes the embedded JDBC driver. Medium
Vendor jar package name apache Low
Vendor pom artifactid derby Low
Vendor file name derby High
Vendor jar package name derby Low
Vendor pom parent-artifactid derby-project Low
Vendor Manifest bundle-symbolicname derby Medium
Vendor pom name Apache Derby Database Engine and Embedded JDBC Driver High
Vendor pom parent-groupid org.apache.derby Medium
Vendor pom groupid apache.derby Highest
Vendor central groupid org.apache.derby Highest
Vendor pom url http://db.apache.org/derby/ Highest
Vendor jar package name impl Low
Product pom description Contains the core Apache Derby database engine, which also includes the embedded JDBC driver. Medium
Product gradle artifactid derby Highest
Product pom parent-groupid org.apache.derby Low
Product file name derby High
Product Manifest Bundle-Name Apache Derby 10.14 Medium
Product pom groupid apache.derby Low
Product pom parent-artifactid derby-project Medium
Product jar package name derby Low
Product Manifest bundle-symbolicname derby Medium
Product pom artifactid derby Highest
Product pom name Apache Derby Database Engine and Embedded JDBC Driver High
Product central artifactid derby Highest
Product pom url http://db.apache.org/derby/ Medium
Product jar package name impl Low
Version file version 10.14.1.0 Highest
Version pom version 10.14.1.0 Highest
Version central version 10.14.1.0 Highest
geronimo-jaxrpc_1.1_spec-1.1.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.geronimo.specs\geronimo-jaxrpc_1.1_spec\1.1\b0b1d499b5c7f53ed65fa1aadd6cfaf743480e1b\geronimo-jaxrpc_1.1_spec-1.1.jar
MD5: ee8d28584b602a03da5f9b4c068b2d53
SHA1: b0b1d499b5c7f53ed65fa1aadd6cfaf743480e1b
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor pom name JAXRPC 1.1 High
Vendor jar package name javax Low
Vendor pom parent-artifactid specs Low
Vendor central groupid org.apache.geronimo.specs Highest
Vendor pom parent-groupid org.apache.geronimo.specs Medium
Vendor pom artifactid geronimo-jaxrpc_1.1_spec Low
Vendor jar package name rpc Low
Vendor gradle groupid org.apache.geronimo.specs Highest
Vendor pom groupid apache.geronimo.specs Highest
Vendor file name geronimo-jaxrpc_1.1_spec-1.1 High
Vendor jar package name xml Low
Product pom name JAXRPC 1.1 High
Product central artifactid geronimo-jaxrpc_1.1_spec Highest
Product pom artifactid geronimo-jaxrpc_1.1_spec Highest
Product gradle artifactid geronimo-jaxrpc_1.1_spec Highest
Product pom parent-artifactid specs Medium
Product pom groupid apache.geronimo.specs Low
Product jar package name rpc Low
Product file name geronimo-jaxrpc_1.1_spec-1.1 High
Product pom parent-groupid org.apache.geronimo.specs Low
Product jar package name xml Low
Version central version 1.1 Highest
Version pom version 1.1 Highest
Version gradle version 1.1 Highest
Version pom parent-version 1.1 Low
log4j-1.2-api-2.9.1.jar
Description: The Apache Log4j 1.x Compatibility API
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-1.2-api\2.9.1\894f96d677880d4ab834a1356f62b875e579caaa\log4j-1.2-api-2.9.1.jar
MD5: eefa95ef2969b469e09aef2acc06c834
SHA1: 894f96d677880d4ab834a1356f62b875e579caaa
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor pom groupid apache.logging.log4j Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest log4jreleasemanager Ralph Goers Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom parent-groupid org.apache.logging.log4j Medium
Vendor pom description The Apache Log4j 1.x Compatibility API Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom artifactid log4j-1.2-api Low
Vendor gradle groupid org.apache.logging.log4j Highest
Vendor Manifest bundle-symbolicname org.apache.logging.log4j.1.2-api Medium
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor file name log4j-1.2-api-2.9.1 High
Vendor pom parent-artifactid log4j Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor manifest Bundle-Description The Apache Log4j 1.x Compatibility API Medium
Vendor pom name Apache Log4j 1.x Compatibility API High
Vendor central groupid org.apache.logging.log4j Highest
Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-1.2-api/ Low
Product Manifest log4jreleasemanager Ralph Goers Low
Product gradle artifactid log4j-1.2-api Highest
Product pom description The Apache Log4j 1.x Compatibility API Medium
Product pom parent-groupid org.apache.logging.log4j Low
Product pom parent-artifactid log4j Medium
Product Manifest bundle-symbolicname org.apache.logging.log4j.1.2-api Medium
Product Manifest bundle-docurl https://www.apache.org/ Low
Product pom groupid apache.logging.log4j Low
Product file name log4j-1.2-api-2.9.1 High
Product Manifest specification-title Apache Log4j 1.x Compatibility API Medium
Product Manifest Implementation-Title Apache Log4j 1.x Compatibility API High
Product central artifactid log4j-1.2-api Highest
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product manifest Bundle-Description The Apache Log4j 1.x Compatibility API Medium
Product Manifest Bundle-Name Apache Log4j 1.x Compatibility API Medium
Product pom name Apache Log4j 1.x Compatibility API High
Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-1.2-api/ Low
Product pom artifactid log4j-1.2-api Highest
Version Manifest Implementation-Version 2.9.1 High
Version pom version 2.9.1 Highest
Version central version 2.9.1 Highest
log4j-core-2.9.1.jar
Description: The Apache Log4j Implementation
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-core\2.9.1\c041978c686866ee8534f538c6220238db3bb6be\log4j-core-2.9.1.jar
MD5: 942f429eacb8015e18d8f59996cfbee6
SHA1: c041978c686866ee8534f538c6220238db3bb6be
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor pom artifactid log4j-core Low
Vendor pom groupid apache.logging.log4j Highest
Vendor manifest Bundle-Description The Apache Log4j Implementation Medium
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest log4jreleasemanager Ralph Goers Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom parent-groupid org.apache.logging.log4j Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest bundle-symbolicname org.apache.logging.log4j.core Medium
Vendor gradle groupid org.apache.logging.log4j Highest
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom parent-artifactid log4j Low
Vendor pom name Apache Log4j Core High
Vendor pom description The Apache Log4j Implementation Medium
Vendor file name log4j-core High
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor central groupid org.apache.logging.log4j Highest
Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low
Product manifest Bundle-Description The Apache Log4j Implementation Medium
Product Manifest log4jreleasemanager Ralph Goers Low
Product Manifest Implementation-Title Apache Log4j Core High
Product Manifest bundle-symbolicname org.apache.logging.log4j.core Medium
Product pom parent-groupid org.apache.logging.log4j Low
Product pom parent-artifactid log4j Medium
Product Manifest specification-title Apache Log4j Core Medium
Product Manifest bundle-docurl https://www.apache.org/ Low
Product pom groupid apache.logging.log4j Low
Product central artifactid log4j-core Highest
Product pom artifactid log4j-core Highest
Product pom name Apache Log4j Core High
Product pom description The Apache Log4j Implementation Medium
Product file name log4j-core High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest Bundle-Name Apache Log4j Core Medium
Product gradle artifactid log4j-core Highest
Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-core/ Low
Version Manifest Implementation-Version 2.9.1 High
Version pom version 2.9.1 Highest
Version central version 2.9.1 Highest
Version file version 2.9.1 Highest
log4j-jul-2.9.1.jar
Description: The Apache Log4j implementation of java.util.logging
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-jul\2.9.1\20950ce865fde280a81b99787dd5b66bf5ea571f\log4j-jul-2.9.1.jar
MD5: a4eef3268c4a641ad97de87b89cef043
SHA1: 20950ce865fde280a81b99787dd5b66bf5ea571f
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor pom description The Apache Log4j implementation of java.util.logging Medium
Vendor pom artifactid log4j-jul Low
Vendor pom groupid apache.logging.log4j Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest log4jreleasemanager Ralph Goers Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom parent-groupid org.apache.logging.log4j Medium
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-jul/ Low
Vendor pom name Apache Log4j JUL Adapter High
Vendor gradle groupid org.apache.logging.log4j Highest
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor manifest Bundle-Description The Apache Log4j implementation of java.util.logging Medium
Vendor pom parent-artifactid log4j Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor file name log4j-jul High
Vendor Manifest bundle-symbolicname org.apache.logging.log4j.jul Medium
Vendor central groupid org.apache.logging.log4j Highest
Product Manifest Bundle-Name Apache Log4j JUL Adapter Medium
Product gradle artifactid log4j-jul Highest
Product pom description The Apache Log4j implementation of java.util.logging Medium
Product Manifest Implementation-Title Apache Log4j JUL Adapter High
Product Manifest log4jreleasemanager Ralph Goers Low
Product pom parent-groupid org.apache.logging.log4j Low
Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-jul/ Low
Product pom parent-artifactid log4j Medium
Product pom name Apache Log4j JUL Adapter High
Product pom artifactid log4j-jul Highest
Product Manifest bundle-docurl https://www.apache.org/ Low
Product pom groupid apache.logging.log4j Low
Product manifest Bundle-Description The Apache Log4j implementation of java.util.logging Medium
Product central artifactid log4j-jul Highest
Product Manifest specification-title Apache Log4j JUL Adapter Medium
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product file name log4j-jul High
Product Manifest bundle-symbolicname org.apache.logging.log4j.jul Medium
Version Manifest Implementation-Version 2.9.1 High
Version pom version 2.9.1 Highest
Version central version 2.9.1 Highest
Version file version 2.9.1 Highest
log4j-slf4j-impl-2.9.1.jar
Description: The Apache Log4j SLF4J API binding to Log4j 2 Core
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.logging.log4j\log4j-slf4j-impl\2.9.1\a97a849b18b3798c4af1a2ca5b10c66cef17e3a\log4j-slf4j-impl-2.9.1.jar
MD5: efe1d1f6d8e4ead7710d1481144702b8
SHA1: 0a97a849b18b3798c4af1a2ca5b10c66cef17e3a
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/ Low
Vendor Manifest bundle-symbolicname org.apache.logging.log4j.slf4j-impl Medium
Vendor pom groupid apache.logging.log4j Highest
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest log4jreleasemanager Ralph Goers Low
Vendor Manifest Implementation-Vendor-Id org.apache Medium
Vendor pom parent-groupid org.apache.logging.log4j Medium
Vendor file name log4j-slf4j-impl High
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom description The Apache Log4j SLF4J API binding to Log4j 2 Core Medium
Vendor gradle groupid org.apache.logging.log4j Highest
Vendor Manifest bundle-docurl https://www.apache.org/ Low
Vendor pom name Apache Log4j SLF4J Binding High
Vendor pom parent-artifactid log4j Low
Vendor pom artifactid log4j-slf4j-impl Low
Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Vendor central groupid org.apache.logging.log4j Highest
Vendor manifest Bundle-Description The Apache Log4j SLF4J API binding to Log4j 2 Core Medium
Product Manifest implementation-url https://logging.apache.org/log4j/2.x/log4j-slf4j-impl/ Low
Product Manifest bundle-symbolicname org.apache.logging.log4j.slf4j-impl Medium
Product pom artifactid log4j-slf4j-impl Highest
Product central artifactid log4j-slf4j-impl Highest
Product Manifest log4jreleasemanager Ralph Goers Low
Product file name log4j-slf4j-impl High
Product pom parent-groupid org.apache.logging.log4j Low
Product pom description The Apache Log4j SLF4J API binding to Log4j 2 Core Medium
Product gradle artifactid log4j-slf4j-impl Highest
Product pom parent-artifactid log4j Medium
Product Manifest specification-title Apache Log4j SLF4J Binding Medium
Product Manifest bundle-docurl https://www.apache.org/ Low
Product pom groupid apache.logging.log4j Low
Product pom name Apache Log4j SLF4J Binding High
Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low
Product Manifest Bundle-Name Apache Log4j SLF4J Binding Medium
Product manifest Bundle-Description The Apache Log4j SLF4J API binding to Log4j 2 Core Medium
Product Manifest Implementation-Title Apache Log4j SLF4J Binding High
Version Manifest Implementation-Version 2.9.1 High
Version pom version 2.9.1 Highest
Version central version 2.9.1 Highest
Version file version 2.9.1 Highest
batik-all-1.8pre-r1084380.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codeartisans.thirdparties.swing\batik-all\1.8pre-r1084380\2898c85b844ad4db731d8dbd7bac395bece5bead\batik-all-1.8pre-r1084380.jar
MD5: 6b971c2c943d0d398744774c3df092bc
SHA1: 2898c85b844ad4db731d8dbd7bac395bece5bead
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.codeartisans.thirdparties.swing Medium
Vendor jar package name apache Low
Vendor pom parent-artifactid thirdparty-swing-parent Low
Vendor pom groupid codeartisans.thirdparties.swing Highest
Vendor gradle groupid org.codeartisans.thirdparties.swing Highest
Vendor file name batik-all High
Vendor jar package name batik Low
Vendor pom name ${project.artifactId} High
Vendor pom artifactid batik-all Low
Vendor Manifest Implementation-Vendor The Apache Software Foundation (http://xmlgraphics.apache.org/batik/) High
Vendor central groupid org.codeartisans.thirdparties.swing Highest
Product gradle artifactid batik-all Highest
Product central artifactid batik-all Highest
Product pom parent-groupid org.codeartisans.thirdparties.swing Low
Product file name batik-all High
Product jar package name batik Low
Product pom name ${project.artifactId} High
Product Manifest Implementation-Title Batik all-in-one JAR High
Product pom parent-artifactid thirdparty-swing-parent Medium
Product pom artifactid batik-all Highest
Product pom groupid codeartisans.thirdparties.swing Low
Version pom version 1.8pre-r1084380 Highest
Version central version 1.8pre-r1084380 Highest
Version Manifest Implementation-Version 1.8pre+r1084380 High
avalon-framework-impl-4.2.0.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\avalon-framework\avalon-framework-impl\4.2.0\4da1db18947eb6950abb7ad79253011b9aec0e48\avalon-framework-impl-4.2.0.jar
MD5: 5c1f8f5c8c6c043538fc4ea038c2aaf6
SHA1: 4da1db18947eb6950abb7ad79253011b9aec0e48
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor pom artifactid avalon-framework-impl Low
Vendor jar package name apache Low
Vendor Manifest specification-vendor The Apache Software Foundation Low
Vendor Manifest extension-name avalon-framework-impl Medium
Vendor file name avalon-framework-impl High
Vendor gradle groupid avalon-framework Highest
Vendor Manifest Implementation-Vendor The Apache Software Foundation High
Vendor pom groupid avalon-framework Highest
Vendor central groupid avalon-framework Highest
Vendor jar package name framework Low
Vendor jar package name avalon Low
Product Manifest Implementation-Title High
Product Manifest specification-title Avalon Framework Implementation Medium
Product pom artifactid avalon-framework-impl Highest
Product gradle artifactid avalon-framework-impl Highest
Product Manifest extension-name avalon-framework-impl Medium
Product file name avalon-framework-impl High
Product central artifactid avalon-framework-impl Highest
Product jar package name framework Low
Product pom groupid avalon-framework Low
Product jar package name avalon Low
Version central version 4.2.0 Highest
Version file version 4.2.0 Highest
Version pom version 4.2.0 Highest
Version Manifest Implementation-Version 4.2.0 High
slf4j-api-1.7.25.jar
Description: The slf4j API
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.slf4j\slf4j-api\1.7.25\da76ca59f6a57ee3102f8f9bd9cee742973efa8a\slf4j-api-1.7.25.jar
MD5: caafe376afb7086dcbee79f780394ca3
SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8a
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor pom parent-artifactid slf4j-parent Low
Vendor pom groupid slf4j Highest
Vendor pom artifactid slf4j-api Low
Vendor manifest Bundle-Description The slf4j API Medium
Vendor pom name SLF4J API Module High
Vendor file name slf4j-api High
Vendor pom parent-groupid org.slf4j Medium
Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Vendor pom description The slf4j API Medium
Vendor pom url http://www.slf4j.org Highest
Vendor central groupid org.slf4j Highest
Vendor Manifest bundle-symbolicname slf4j.api Medium
Vendor gradle groupid org.slf4j Highest
Product manifest Bundle-Description The slf4j API Medium
Product pom name SLF4J API Module High
Product file name slf4j-api High
Product pom parent-groupid org.slf4j Low
Product gradle artifactid slf4j-api Highest
Product pom url http://www.slf4j.org Medium
Product pom groupid slf4j Low
Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low
Product pom description The slf4j API Medium
Product central artifactid slf4j-api Highest
Product Manifest Bundle-Name slf4j-api Medium
Product Manifest bundle-symbolicname slf4j.api Medium
Product Manifest Implementation-Title slf4j-api High
Product pom artifactid slf4j-api Highest
Product pom parent-artifactid slf4j-parent Medium
Version central version 1.7.25 Highest
Version pom version 1.7.25 Highest
Version Manifest Implementation-Version 1.7.25 High
Version file version 1.7.25 Highest
xml-apis-2.0.2.jar
Description: xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: Z:\Gradle\caches\modules-2\files-2.1\xml-apis\xml-apis\2.0.2\3136ca936f64c9d68529f048c2618bd356bf85c9\xml-apis-2.0.2.jar
MD5: 458715c0f7646a56b1c6ad3138098beb
SHA1: 3136ca936f64c9d68529f048c2618bd356bf85c9
Referenced In Projects/Scopes:
Evidence
Type Source Name Value Confidence
Vendor file name xml-apis High
Vendor pom description xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. Low
Vendor central groupid xml-apis High
Vendor pom organization url http://www.apache.org/ Medium
Vendor gradle groupid xml-apis Highest
Vendor pom organization name Apache Software Foundation High
Vendor manifest: javax/xml/transform/ Implementation-Vendor Sun Microsystems Inc. Medium
Vendor jar package name dom Low
Vendor jar package name w3c Low
Vendor pom name XML Commons External Components XML APIs High
Vendor manifest: org/xml/sax/ Implementation-Vendor David Megginson Medium
Vendor pom url http://xml.apache.org/commons/#external Highest
Vendor pom groupid xml-apis Highest
Vendor manifest: org/w3c/dom/ Implementation-Vendor World Wide Web Consortium Medium
Vendor manifest: org/apache/xmlcommons/Version Implementation-Vendor Apache Software Foundation Medium
Vendor pom artifactid xml-apis Low
Vendor manifest: javax/xml/parsers/ Implementation-Vendor Sun Microsystems Inc. Medium
Product file name xml-apis High
Product manifest: org/w3c/dom/ Specification-Title Document Object Model, Level 2 Core Medium
Product pom description xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. Low
Product manifest: org/xml/sax/ Implementation-Title org.xml.sax Medium
Product manifest: org/xml/sax/ Specification-Title Simple API for XML Medium
Product pom artifactid xml-apis Highest
Product manifest: javax/xml/parsers/ Implementation-Title javax.xml.transform Medium
Product pom organization url http://www.apache.org/ Low
Product manifest: org/w3c/dom/ Implementation-Title org.w3c.dom Medium
Product jar package name dom Low
Product manifest: javax/xml/transform/ Specification-Title Java API for XML Processing Medium
Product manifest: javax/xml/parsers/ Specification-Title Java API for XML Processing Medium
Product pom url http://xml.apache.org/commons/#external Medium
Product manifest: org/apache/xmlcommons/Version Implementation-Title org.apache.xmlcommons.Version Medium
Product pom organization name Apache Software Foundation Low
Product pom name XML Commons External Components XML APIs High
Product pom groupid xml-apis Low
Product gradle artifactid xml-apis Highest
Product central artifactid xml-apis High
Product manifest: javax/xml/transform/ Implementation-Title javax.xml.transform Medium
Version file name xml-apis Medium
Version pom version 1.0.b2 Highest
Version central version 1.0.b2 High
Version gradle version 2.0.2 Highest
Version file version 2.0.2 Highest
Version manifest: javax/xml/transform/ Implementation-Version 1.1.2 Medium
Version manifest: org/w3c/dom/ Implementation-Version 1.0 Medium
Version central version 2.0.2 High
Version manifest: org/xml/sax/ Implementation-Version 2.0 Medium
Version manifest: javax/xml/parsers/ Implementation-Version 1.1.2 Medium
Version central version 2.0.0 High
Version manifest: org/apache/xmlcommons/Version Implementation-Version 1.0.b2 Medium
junit-4.12.jar
Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.
License:
Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: Z:\Gradle\caches\modules-2\files-2.1\junit\junit\4.12\2973d150c0dc1fefe998f834810d68f278ea58ec\junit-4.12.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec
Referenced In Project/Scope:
junitReport
Evidence
Type Source Name Value Confidence
Vendor pom url http://junit.org Highest
Vendor pom organization url http://www.junit.org Medium
Vendor pom name JUnit High
Vendor Manifest Implementation-Vendor JUnit High
Vendor file name junit High
Vendor pom artifactid junit Low
Vendor jar package name junit Low
Vendor pom organization name JUnit High
Vendor pom groupid junit Highest
Vendor gradle groupid junit Highest
Vendor central groupid junit Highest
Vendor Manifest Implementation-Vendor-Id junit Medium
Vendor pom description JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck. Medium
Product Manifest Implementation-Title JUnit High
Product pom organization url http://www.junit.org Low
Product central artifactid junit Highest
Product pom name JUnit High
Product pom groupid junit Low
Product pom url http://junit.org Medium
Product file name junit High
Product gradle artifactid junit Highest
Product pom description JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck. Medium
Product pom artifactid junit Highest
Product pom organization name JUnit Low
Version central version 4.12 Highest
Version file version 4.12 Highest
Version Manifest Implementation-Version 4.12 High
Version pom version 4.12 Highest
ant-junit-1.9.7.jar
Description: contains the junit and junirreport tasks
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant-junit\1.9.7\12629dc0fe3bc89199f83c1cbf7f844f2d0801de\ant-junit-1.9.7.jar
MD5: d2aea68c381c3f5ba9267d6e487283b2
SHA1: 12629dc0fe3bc89199f83c1cbf7f844f2d0801de
Referenced In Project/Scope:
junitReport
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor pom description contains the junit and junirreport tasks Medium
Vendor jar package name ant Low
Vendor pom artifactid ant-junit Low
Vendor gradle groupid org.apache.ant Highest
Vendor central groupid org.apache.ant Highest
Vendor manifest: org/apache/tools/ant/taskdefs/optional/ Implementation-Vendor Apache Software Foundation Medium
Vendor file name ant-junit High
Vendor pom parent-groupid org.apache.ant Medium
Vendor pom url http://ant.apache.org/ Highest
Vendor pom parent-artifactid ant-parent Low
Vendor jar package name tools Low
Vendor pom name Apache Ant + JUnit High
Vendor pom groupid apache.ant Highest
Product manifest: org/apache/tools/ant/taskdefs/optional/ Specification-Title Apache Ant Medium
Product central artifactid ant-junit Highest
Product pom description contains the junit and junirreport tasks Medium
Product pom groupid apache.ant Low
Product jar package name ant Low
Product pom parent-artifactid ant-parent Medium
Product gradle artifactid ant-junit Highest
Product file name ant-junit High
Product manifest: org/apache/tools/ant/taskdefs/optional/ Implementation-Title org.apache.tools.ant Medium
Product jar package name taskdefs Low
Product jar package name tools Low
Product pom name Apache Ant + JUnit High
Product pom artifactid ant-junit Highest
Product pom url http://ant.apache.org/ Medium
Product pom parent-groupid org.apache.ant Low
Version pom version 1.9.7 Highest
Version central version 1.9.7 Highest
Version file version 1.9.7 Highest
ant-1.9.7.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant\1.9.7\3b2a10512ee6537d3852c9b693a0284dcab5de68\ant-1.9.7.jar
MD5: a14502c25ee6bc76c4614315845b29e9
SHA1: 3b2a10512ee6537d3852c9b693a0284dcab5de68
Referenced In Project/Scope:
junitReport
Evidence
Type Source Name Value Confidence
Vendor file name ant High
Vendor jar package name apache Low
Vendor manifest: org/apache/tools/ant/ Implementation-Vendor Apache Software Foundation Medium
Vendor jar package name ant Low
Vendor gradle groupid org.apache.ant Highest
Vendor central groupid org.apache.ant Highest
Vendor pom artifactid ant Low
Vendor pom name Apache Ant Core High
Vendor pom parent-groupid org.apache.ant Medium
Vendor pom url http://ant.apache.org/ Highest
Vendor pom parent-artifactid ant-parent Low
Vendor jar package name tools Low
Vendor pom groupid apache.ant Highest
Product file name ant High
Product manifest: org/apache/tools/ant/ Specification-Title Apache Ant Medium
Product pom groupid apache.ant Low
Product jar package name ant Low
Product pom parent-artifactid ant-parent Medium
Product gradle artifactid ant Highest
Product pom name Apache Ant Core High
Product manifest: org/apache/tools/ant/ Implementation-Title org.apache.tools.ant Medium
Product jar package name tools Low
Product central artifactid ant Highest
Product pom url http://ant.apache.org/ Medium
Product pom parent-groupid org.apache.ant Low
Product pom artifactid ant Highest
Version pom version 1.9.7 Highest
Version central version 1.9.7 Highest
Version file version 1.9.7 Highest
ant-launcher-1.9.7.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ant\ant-launcher\1.9.7\224857a490283e72da13ffe3082dea62c558ec76\ant-launcher-1.9.7.jar
MD5: f099489fbe6cc9665cb690b4b03cf48c
SHA1: 224857a490283e72da13ffe3082dea62c558ec76
Referenced In Project/Scope:
junitReport
Evidence
Type Source Name Value Confidence
Vendor jar package name apache Low
Vendor jar package name ant Low
Vendor pom name Apache Ant Launcher High
Vendor gradle groupid org.apache.ant Highest
Vendor central groupid org.apache.ant Highest
Vendor pom parent-groupid org.apache.ant Medium
Vendor pom url http://ant.apache.org/ Highest
Vendor pom parent-artifactid ant-parent Low
Vendor jar package name tools Low
Vendor pom artifactid ant-launcher Low
Vendor file name ant-launcher High
Vendor pom groupid apache.ant Highest
Product pom groupid apache.ant Low
Product jar package name ant Low
Product pom artifactid ant-launcher Highest
Product pom name Apache Ant Launcher High
Product pom parent-artifactid ant-parent Medium
Product central artifactid ant-launcher Highest
Product jar package name tools Low
Product gradle artifactid ant-launcher Highest
Product file name ant-launcher High
Product pom url http://ant.apache.org/ Medium
Product jar package name launch Low
Product pom parent-groupid org.apache.ant Low
Version pom version 1.9.7 Highest
Version central version 1.9.7 Highest
Version file version 1.9.7 Highest
ehcache-core-2.6.2.jar: sizeof-agent.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.sf.ehcache\ehcache-core\2.6.2\3baecd92015a9f8fe4cf51c8b5d3a5bddcdd3e86\ehcache-core-2.6.2.jar\net\sf\ehcache\pool\sizeof\sizeof-agent.jar
MD5: 5ad919b3ac0516897bdca079c9a222a8
SHA1: e86399a80ae6a6c7a563717eaa0ce9ba4708571c
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor pom url http://www.ehcache.org Highest
Vendor Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Vendor file name sizeof-agent High
Vendor Manifest jenkins-build-number 6 Low
Vendor pom parent-artifactid ehcache-parent Low
Vendor Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Vendor Manifest hudson-build-number 6 Low
Vendor pom groupid net.sf.ehcache Highest
Vendor pom artifactid sizeof-agent Low
Vendor pom name Ehcache Size-Of Agent High
Product Manifest jenkins-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Product file name sizeof-agent High
Product pom url http://www.ehcache.org Medium
Product Manifest jenkins-build-number 6 Low
Product pom groupid net.sf.ehcache Low
Product pom artifactid sizeof-agent Highest
Product Manifest hudson-project sizeof-agent_sizeof-agent-1.0.1_publisher Low
Product Manifest hudson-build-number 6 Low
Product pom parent-artifactid ehcache-parent Medium
Product pom name Ehcache Size-Of Agent High
Version pom version 1.0.1 Highest
Version Manifest jenkins-version 1.449 Medium
Version pom parent-version 1.0.1 Low
Version Manifest jenkins-build-number 6 Low
Version Manifest hudson-version 1.449 Medium
Version Manifest hudson-build-number 6 Low
maven: net.sf.ehcache:sizeof-agent:1.0.1
Confidence :High
org.eclipse.core.resources-3.9.1.v20140825-1431.jar: resources-ant.jar
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime\org.eclipse.core.resources\3.9.1.v20140825-1431\24a0e4b809d9cb102e7bf8123a2844657b916090\org.eclipse.core.resources-3.9.1.v20140825-1431.jar\ant_tasks\resources-ant.jar
MD5: 2e3d89f3c01f0deec05a4d04db4b67bd
SHA1: ac97fcd1a043208b58e6ec13c2708e5cbfdf9a55
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name resources-ant High
Vendor jar package name core Low
Vendor jar package name resources Low
Vendor jar package name eclipse Low
Product file name resources-ant High
Product jar package name core Low
Product jar package name ant Low
Product jar package name resources Low
jna-4.1.0.jar: jnidispatch.dll
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.java.dev.jna\jna\4.1.0\1c12d070e602efd8021891cdd7fd18bc129372d4\jna-4.1.0.jar\com\sun\jna\w32ce-arm\jnidispatch.dll
MD5: 57697cbdd321ae7d06f5da04e821f908
SHA1: 67167f2b2fce8db5f9f64a372b0da54730d3ee51
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name jnidispatch High
Product file name jnidispatch High
jna-4.1.0.jar: jnidispatch.dll
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.java.dev.jna\jna\4.1.0\1c12d070e602efd8021891cdd7fd18bc129372d4\jna-4.1.0.jar\com\sun\jna\win32-x86\jnidispatch.dll
MD5: 05a72ada9247aeb114a9ef01a394b6c4
SHA1: 8b32cc82740fc62afdf5ea211f1ca8bb72269bbf
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name jnidispatch High
Product file name jnidispatch High
jna-4.1.0.jar: jnidispatch.dll
File Path: Z:\Gradle\caches\modules-2\files-2.1\net.java.dev.jna\jna\4.1.0\1c12d070e602efd8021891cdd7fd18bc129372d4\jna-4.1.0.jar\com\sun\jna\win32-x86-64\jnidispatch.dll
MD5: 06b2f1f909d2436dff20d7a668ef26a9
SHA1: bd1bdda9a91f3b0d9067e323f7394bef933f81f6
Referenced In Projects/Scopes:
compileClasspath
compileOnly
default
compile
runtime
Evidence
Type Source Name Value Confidence
Vendor file name jnidispatch High
Product file name jnidispatch High
axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/om-aspects/pom.xml
Description: Contains aspects and implementation classes shared by LLOM and DOOM.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.20\fdb6f7eb20dfaab2ee513e734defc7219aed046\axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/om-aspects/pom.xml
MD5: 7f02e0ca90a6665816fc893a3acafd3b
SHA1: 703278a88f4fb1a9873ab94791dced7d062328a6
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.ws.commons.axiom Medium
Vendor pom name OM Aspects High
Vendor pom groupid apache.ws.commons.axiom Highest
Vendor pom parent-artifactid aspects Low
Vendor pom description Contains aspects and implementation classes shared by LLOM and DOOM. Medium
Vendor pom url http://ws.apache.org/axiom/ Highest
Vendor pom artifactid om-aspects Low
Product pom artifactid om-aspects Highest
Product pom name OM Aspects High
Product pom groupid apache.ws.commons.axiom Low
Product pom parent-groupid org.apache.ws.commons.axiom Low
Product pom url http://ws.apache.org/axiom/ Medium
Product pom description Contains aspects and implementation classes shared by LLOM and DOOM. Medium
Product pom parent-artifactid aspects Medium
Version pom version 1.2.20 Highest
maven: org.apache.ws.commons.axiom:om-aspects:1.2.20
Confidence :High
axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/core-aspects/pom.xml
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.20\fdb6f7eb20dfaab2ee513e734defc7219aed046\axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/core-aspects/pom.xml
MD5: 0d677d188261ef28a2284a35201b2eff
SHA1: 4856c617c643824475dbf1f0c6cf20b0ee50040a
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.ws.commons.axiom Medium
Vendor pom name Core Aspects High
Vendor pom artifactid core-aspects Low
Vendor pom groupid apache.ws.commons.axiom Highest
Vendor pom parent-artifactid aspects Low
Vendor pom url http://ws.apache.org/axiom/ Highest
Product pom artifactid core-aspects Highest
Product pom name Core Aspects High
Product pom groupid apache.ws.commons.axiom Low
Product pom parent-groupid org.apache.ws.commons.axiom Low
Product pom url http://ws.apache.org/axiom/ Medium
Product pom parent-artifactid aspects Medium
Version pom version 1.2.20 Highest
maven: org.apache.ws.commons.axiom:core-aspects:1.2.20
Confidence :High
axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/shared-aspects/pom.xml
Description: Contains mixins for methods that are shared between DOM and Axiom.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.20\fdb6f7eb20dfaab2ee513e734defc7219aed046\axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/shared-aspects/pom.xml
MD5: 8f639f2c9858ae41c1e2f57cd34d6ca6
SHA1: f9a7026ba8e0e7dcd007e59ced1616ef97baae5a
Evidence
Type Source Name Value Confidence
Vendor pom name Shared Aspects High
Vendor pom parent-groupid org.apache.ws.commons.axiom Medium
Vendor pom artifactid shared-aspects Low
Vendor pom description Contains mixins for methods that are shared between DOM and Axiom. Medium
Vendor pom groupid apache.ws.commons.axiom Highest
Vendor pom parent-artifactid aspects Low
Vendor pom url http://ws.apache.org/axiom/ Highest
Product pom name Shared Aspects High
Product pom artifactid shared-aspects Highest
Product pom description Contains mixins for methods that are shared between DOM and Axiom. Medium
Product pom groupid apache.ws.commons.axiom Low
Product pom parent-groupid org.apache.ws.commons.axiom Low
Product pom url http://ws.apache.org/axiom/ Medium
Product pom parent-artifactid aspects Medium
Version pom version 1.2.20 Highest
maven: org.apache.ws.commons.axiom:shared-aspects:1.2.20
Confidence :High
axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/xml-utils/pom.xml
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.ws.commons.axiom\axiom-impl\1.2.20\fdb6f7eb20dfaab2ee513e734defc7219aed046\axiom-impl-1.2.20.jar\META-INF/maven/org.apache.ws.commons.axiom/xml-utils/pom.xml
MD5: 2ec9363a7e3f21a1d4339a43c0b75da5
SHA1: ffb6b61ba49ff6627eb0cadaee9f766f70324871
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.apache.ws.commons.axiom Medium
Vendor pom artifactid xml-utils Low
Vendor pom parent-artifactid components Low
Vendor pom groupid apache.ws.commons.axiom Highest
Vendor pom url http://ws.apache.org/axiom/ Highest
Product pom groupid apache.ws.commons.axiom Low
Product pom parent-artifactid components Medium
Product pom parent-groupid org.apache.ws.commons.axiom Low
Product pom url http://ws.apache.org/axiom/ Medium
Product pom artifactid xml-utils Highest
Version pom version 1.2.20 Highest
maven: org.apache.ws.commons.axiom:xml-utils:1.2.20
Confidence :High
htrace-core-3.2.0-incubating.jar\META-INF/maven/commons-logging/commons-logging/pom.xml
Description: Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.apache.htrace\htrace-core\3.2.0-incubating\8797cf3230f01e8724ef27a0ed565dabb6998c64\htrace-core-3.2.0-incubating.jar\META-INF/maven/commons-logging/commons-logging/pom.xml
MD5: 976d812430b8246deeaf2ea54610f263
SHA1: 76672afb562b9e903674ad3a544cdf2092f1faa3
Evidence
Type Source Name Value Confidence
Vendor pom artifactid commons-logging Low
Vendor pom name Commons Logging High
Vendor pom description Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low
Vendor pom parent-artifactid commons-parent Low
Vendor pom url http://commons.apache.org/logging Highest
Vendor pom parent-groupid org.apache.commons Medium
Vendor pom groupid commons-logging Highest
Product pom parent-groupid org.apache.commons Low
Product pom artifactid commons-logging Highest
Product pom parent-artifactid commons-parent Medium
Product pom name Commons Logging High
Product pom description Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low
Product pom groupid commons-logging Low
Product pom url http://commons.apache.org/logging Medium
Version pom version 1.1.1 Highest
Version pom parent-version 1.1.1 Low
maven: commons-logging:commons-logging:1.1.1
Confidence :High
plexus-utils-1.5.6.jar\META-INF/maven/org.codehaus.plexus/plexus-interpolation/pom.xml
File Path: Z:\Gradle\caches\modules-2\files-2.1\org.codehaus.plexus\plexus-utils\1.5.6\8fb6b798a4036048b3005e058553bf21a87802ed\plexus-utils-1.5.6.jar\META-INF/maven/org.codehaus.plexus/plexus-interpolation/pom.xml
MD5: 61795135733295c9aa438fda7b923db8
SHA1: 1074eabfbcbfb0decfe6f9ed0541668e114b9311
Evidence
Type Source Name Value Confidence
Vendor pom parent-groupid org.codehaus.plexus Medium
Vendor pom artifactid plexus-interpolation Low
Vendor pom parent-artifactid plexus Low
Vendor pom groupid codehaus.plexus Highest
Vendor pom name Plexus Interpolation API High
Product pom parent-artifactid plexus Medium
Product pom parent-groupid org.codehaus.plexus Low
Product pom groupid codehaus.plexus Low
Product pom name Plexus Interpolation API High
Product pom artifactid plexus-interpolation Highest
Version pom version 1.0 Highest
Version pom parent-version 1.0 Low
maven: org.codehaus.plexus:plexus-interpolation:1.0
Confidence :High